Suspected virus - email account hacked

07.12.2011, 21:43
Member

Posts: 42
#1 For a good month now, my computer's performance has been many times weaker. Opening applications is sluggish and takes a long time. Accessing files takes a lot of time, even though no applications are running in the background.

I have reduced the autostart programs to a minimum. The internet runs without problems; this thread is exclusively about the computer's performance. I believe something is running in the background, which worries me a lot.

About 3 weeks ago my email account at GMX was blocked because it was being used for SPAM. However, I only open my emails via Outlook.

The virus scanner has not raised an alert so far!!!

OTL ran without problems; while running gmer, the computer shut down unexpectedly after about 4 hours.

Please help, and thanks in advance!!!
CLedy


OTL logfile created on: 07.12.2011 13:46:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Christian Lederer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,32% Memory free
6,19 Gb Paging File | 4,95 Gb Available in Paging File | 79,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 59,52 Gb Free Space | 41,31% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 68,72 Gb Free Space | 47,73% Space Free | Partition Type: NTFS
Drive E: | 1,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CHRISTIANLED-PC | User Name: Christian Lederer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.07 13:43:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian Lederer\Desktop\OTL.exe
PRC - [2011.11.17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Christian Lederer\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.10.19 16:03:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.19 16:02:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.10.19 16:02:32 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.16 15:51:28 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.09.16 15:48:46 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.07.27 15:21:58 | 000,135,168 | ---- | M] () -- C:\Windows\System32\ChgService.exe
PRC - [2010.04.15 09:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.02.02 01:20:40 | 000,795,936 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2006.04.18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


========== Modules (No Company Name) ==========

MOD - [2011.02.09 01:56:38 | 000,296,448 | ---- | M] () -- D:\Joomla\Notepad++\NppShell_04.dll
MOD - [2010.11.17 20:08:02 | 000,075,048 | ---- | M] () -- C:\Program Files\FILEminimizer Pictures\FILEMShell.dll
MOD - [2010.08.15 23:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2011.11.20 09:39:30 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.19 16:02:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.16 15:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.05.13 16:52:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.27 15:21:58 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.22 09:16:50 | 000,099,632 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Windows\System32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2009.07.22 09:16:48 | 000,136,496 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2009.02.06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.05.23 13:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 12:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.02.02 01:20:34 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.04.18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2011.10.19 16:03:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:03:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.03.14 20:05:50 | 000,034,376 | ---- | M] (Rane Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\strmdrvl.sys -- (strmdrvl)
DRV - [2011.01.18 14:16:40 | 000,046,200 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SL2Usb.sys -- (SL2Usb)
DRV - [2011.01.18 14:16:36 | 000,046,200 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SL2UsbNoSSL.sys -- (SL2UsbNoSSL)
DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.10.05 17:28:59 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.07.10 10:13:01 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.29 14:20:15 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.04.29 14:20:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.03.16 18:53:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.12.17 10:56:04 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2009.11.26 08:32:46 | 000,087,424 | ---- | M] (Global Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BMusbmdm.sys -- (BMusbmdm)
DRV - [2009.11.26 08:32:46 | 000,087,424 | ---- | M] (Global Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BMserNmea.sys -- (BMserNmea)
DRV - [2009.11.26 08:32:46 | 000,087,424 | ---- | M] (Global Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BMserDiag.sys -- (BMserDiag)
DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.07.22 18:13:07 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.22 09:11:44 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009.07.22 09:11:18 | 000,048,000 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AppleHFS.sys -- (AppleHFS)
DRV - [2009.07.22 09:11:18 | 000,005,120 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AppleMNT.sys -- (AppleMNT)
DRV - [2009.07.22 09:11:14 | 000,008,576 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.21 07:15:50 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2831UUSB.sys -- (RTL2831UUSB)
DRV - [2008.08.21 07:15:44 | 000,094,112 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2831UBDA.sys -- (RTL2831UBDA)
DRV - [2008.07.30 06:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.06.09 15:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.21 03:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.05.07 07:09:20 | 000,125,200 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.03.01 12:12:16 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2007.03.01 12:12:16 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004.01.28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.13 16:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.13 16:27:59 | 000,000,000 | ---D | M]

[2010.04.17 17:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian Lederer\AppData\Roaming\mozilla\Extensions
[2011.12.07 09:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian Lederer\AppData\Roaming\mozilla\Firefox\Profiles\4fydp7rl.default\extensions
[2011.11.14 08:52:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian Lederer\AppData\Roaming\mozilla\Firefox\Profiles\4fydp7rl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.11 13:08:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Christian Lederer\AppData\Roaming\mozilla\Firefox\Profiles\4fydp7rl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.09.21 07:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.22 09:25:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.04.22 00:24:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.13 16:27:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.13 16:27:57 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.13 16:27:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.13 16:27:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.13 16:27:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Filme_auf_DVD_9\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Christian Lederer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Christian Lederer\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Christian Lederer\Desktop\PartyPoker.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A79D647-452D-4F37-88B7-A059A108771D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFF482C3-B75F-40E7-A58B-6623653533B2}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\imfrmwrk.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\isuspm.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncc.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdfdirect.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdfplus.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdfrouter.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04bc4a68-2969-11e0-96cb-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{04bc4a68-2969-11e0-96cb-001e101fabdd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{456ad7f9-2838-11e0-b592-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{456ad7f9-2838-11e0-b592-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{51ea7d5c-4ad2-11e0-a257-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{51ea7d5c-4ad2-11e0-a257-001fe2fc84f8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7f181251-a38b-11e0-8144-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{7f181251-a38b-11e0-8144-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{eeaa6868-38e2-11e0-bf28-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{eeaa6868-38e2-11e0-bf28-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\.\Windows_ShowModem.exe
O33 - MountPoints2\{fc7e178c-4a24-11df-af3e-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{fc7e178c-4a24-11df-af3e-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fc7e1796-4a24-11df-af3e-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{fc7e1796-4a24-11df-af3e-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing LP)
MsConfig - StartUpFolder: C:^Users^Christian Lederer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe - (Nikon Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - File not found
MsConfig - StartUpReg: PDF5 Registry Controller - hkey= - key= - C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PDFHook - hkey= - key= - C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.07 13:44:52 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\Desktop\BProtectus
[2011.12.07 13:43:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Christian Lederer\Desktop\OTL.exe
[2011.12.03 16:54:49 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\Desktop\Musik für Heike
[2011.11.20 15:58:18 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\Documents\Visual Studio 2010
[2011.11.20 15:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2011.11.20 15:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.11.20 15:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.11.16 20:50:47 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\AppData\Local\PokerStars
[2011.11.16 20:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2011.11.16 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011.11.14 19:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2011.11.14 08:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.11.14 08:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.11.14 08:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.11.14 08:44:57 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.14 08:42:20 | 079,982,323 | ---- | C] (Daslight ) -- C:\Users\Christian Lederer\Desktop\DVC2_setup.exe
[2011.11.13 19:00:26 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\Desktop\HEIKE
[2011.11.13 18:57:59 | 000,663,552 | ---- | C] (MAGIX AG) -- C:\Windows\System32\mgxoschk.dll
[2011.11.13 08:50:39 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\AppData\Local\ElevatedDiagnostics
[2011.11.11 11:54:34 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\AppData\Local\Akamai
[2011.03.10 14:28:10 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2011.03.10 14:28:10 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.12.07 13:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3251C32D-4FEE-41CD-B081-78DC39EF160C}.job
[2011.12.07 13:44:50 | 000,314,071 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.07 13:43:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian Lederer\Desktop\OTL.exe
[2011.12.07 13:30:22 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.07 13:30:22 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.07 12:47:06 | 000,314,071 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.07 12:47:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.05 20:14:40 | 000,758,402 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.05 20:14:40 | 000,716,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.05 20:14:40 | 000,178,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.05 20:14:40 | 000,151,010 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.05 17:05:19 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.05 16:49:24 | 000,188,928 | ---- | M] () -- C:\Users\Christian Lederer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 22:13:36 | 011,292,340 | ---- | M] () -- C:\Users\Christian Lederer\Desktop\Avenue d'Electronique - Neue Welt (Ariane) - final.mp3
[2011.11.24 22:04:48 | 016,254,560 | ---- | M] () -- C:\Users\Christian Lederer\Desktop\Avenue d'Electronique - Fern Dieser Zeit (Ariane) - final.mp3
[2011.11.20 17:16:26 | 000,414,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.14 19:56:28 | 000,001,651 | ---- | M] () -- C:\Users\Christian Lederer\Desktop\PartyPoker.lnk
[2011.11.13 10:10:15 | 079,982,323 | ---- | M] (Daslight ) -- C:\Users\Christian Lederer\Desktop\DVC2_setup.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.12.03 16:34:52 | 003,373,524 | ---- | C] () -- C:\Users\Christian Lederer\Desktop\PRO VICTORIA.mp3
[2011.12.03 16:08:59 | 011,292,340 | ---- | C] () -- C:\Users\Christian Lederer\Desktop\Avenue d'Electronique - Neue Welt (Ariane) - final.mp3
[2011.12.03 16:08:57 | 016,254,560 | ---- | C] () -- C:\Users\Christian Lederer\Desktop\Avenue d'Electronique - Fern Dieser Zeit (Ariane) - final.mp3
[2011.11.14 19:56:28 | 000,001,651 | ---- | C] () -- C:\Users\Christian Lederer\Desktop\PartyPoker.lnk
[2011.06.27 07:24:36 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.06.24 04:36:38 | 000,073,832 | ---- | C] () -- C:\Windows\System32\SuperFrameSplitter.dll
[2011.06.24 04:36:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RTKDABMWare.dll
[2011.05.19 15:38:22 | 000,494,664 | ---- | C] () -- C:\Windows\System32\RaneAsioSL2.dll
[2011.05.13 05:38:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.13 05:38:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.12 15:09:09 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011.03.21 07:35:48 | 000,000,119 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2011.03.12 06:45:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.03.10 14:28:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2011.03.10 14:28:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2011.03.10 14:28:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2011.03.10 14:28:15 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2011.03.10 14:28:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.03.10 14:28:12 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2011.03.10 14:28:11 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2011.03.10 14:28:10 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2011.03.10 14:28:10 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2011.03.10 14:28:09 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2011.03.10 14:28:07 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2011.03.10 14:28:06 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2011.03.10 14:28:06 | 000,000,626 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011.03.10 14:28:06 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2011.03.10 14:28:06 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2011.02.15 16:19:04 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ChgService.exe
[2011.01.05 15:35:41 | 000,000,136 | ---- | C] () -- C:\Users\Christian Lederer\AppData\Roaming\default.rss
[2010.10.08 19:00:47 | 000,188,928 | ---- | C] () -- C:\Users\Christian Lederer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.08 16:08:18 | 000,061,977 | ---- | C] () -- C:\Windows\uninstall_Wonderful Madeira.ini
[2010.05.21 12:42:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.12 07:37:33 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010.04.29 14:20:15 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.04.29 14:20:15 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.04.23 10:18:54 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.04.19 15:49:04 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.19 14:56:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.04.19 14:45:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Drivers
[2010.04.19 14:45:32 | 000,000,268 | RH-- | C] () -- C:\Users\Christian Lederer\AppData\Roaming\Logs
[2010.04.19 14:45:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.04.19 14:36:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations
[2010.04.19 14:36:57 | 000,000,268 | RH-- | C] () -- C:\Users\Christian Lederer\AppData\Roaming\Light Machine
[2010.04.19 14:36:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.04.18 10:36:40 | 000,314,071 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.04.18 10:36:28 | 000,314,071 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.17 14:32:36 | 000,000,680 | ---- | C] () -- C:\Users\Christian Lederer\AppData\Local\d3d9caps.dat
[2010.04.17 14:25:57 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.07.22 09:16:48 | 000,136,496 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2009.06.19 13:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 08:15:58 | 000,758,402 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,178,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.01 19:19:15 | 000,098,304 | ---- | C] () -- C:\Windows\System32\fs2cchk4.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,414,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,716,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,151,010 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.10.28 15:38:10 | 000,315,728 | ---- | C] () -- C:\Windows\System32\flt1chk3.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.10.04 08:03:45 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Alnera
[2011.05.14 10:50:25 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Amazon
[2011.06.30 02:33:07 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\CherSoft
[2010.04.26 20:23:03 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\DAEMON Tools Pro
[2011.11.14 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoft
[2011.11.14 08:52:01 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.02 08:08:48 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\FILEminimizerPictures
[2011.05.17 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\FileZilla
[2010.10.21 12:52:46 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Inkscape
[2010.04.19 15:53:42 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\MAGIX
[2010.11.22 17:50:58 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Nikon
[2011.04.11 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Notepad++
[2011.01.27 20:18:46 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\phonostar-Player
[2010.04.28 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\ProtectDisc
[2011.06.01 07:44:35 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\TeamViewer
[2011.10.01 21:36:04 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\TuneUp Software
[2010.12.11 21:39:25 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\UClick
[2011.04.12 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Valuga Software
[2010.10.08 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Zeon
[2011.12.05 17:05:20 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.07 13:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3251C32D-4FEE-41CD-B081-78DC39EF160C}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.10.18 21:21:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.27 12:53:50 | 000,000,000 | ---D | M] -- C:\Archivos de programa
[2011.05.13 19:57:41 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.06 12:03:35 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.11.30 18:29:26 | 000,000,000 | ---D | M] -- C:\coolspot AG
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.04.17 14:29:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.04.18 10:17:25 | 000,000,000 | ---D | M] -- C:\Intel
[2010.04.22 15:51:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.01.27 02:02:47 | 000,000,000 | -H-D | M] -- C:\ONWERETETR.exe
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.06 12:03:28 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.21 23:23:28 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.04.17 14:29:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.14 19:55:55 | 000,000,000 | ---D | M] -- C:\Programs
[2010.12.05 10:04:01 | 000,000,000 | ---D | M] -- C:\SiLabs
[2011.12.07 13:51:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.18 21:21:18 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.19 18:41:40 | 000,000,000 | ---D | M] -- C:\VistaMare
[2011.12.01 22:07:53 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
"NoAutoUpdate" = 0

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-25 09:17:56

< End of report >


OTL Extras logfile created on: 07.12.2011 13:46:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Christian Lederer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,32% Memory free
6,19 Gb Paging File | 4,95 Gb Available in Paging File | 79,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 59,52 Gb Free Space | 41,31% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 68,72 Gb Free Space | 47,73% Space Free | Partition Type: NTFS
Drive E: | 1,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CHRISTIANLED-PC | User Name: Christian Lederer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01431308-89C1-44F0-BF7A-F1DCC6865D1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{06BEB139-8449-48D6-9D08-0C7CC907AAA2}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{07AF73AB-2633-495C-B4D4-9C60B3D83D1D}" = lport=139 | protocol=6 | dir=in | app=system |
"{14CBF368-AB31-405E-BE6A-D9B6BF8D5DA9}" = lport=138 | protocol=17 | dir=in | app=system |
"{1690C266-6CB2-412B-B534-04F4F9C2A996}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{19A418AE-1304-4637-AD04-3206A1781DB5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A9AF1B4-D1EB-4D72-A16B-A06F801C81A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3AAC7F30-DBE1-450E-9503-35073CBC9FD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D531F52-9ED7-4AC3-8B02-666ED9544920}" = rport=10243 | protocol=6 | dir=out | app=system |
"{519120C7-FDC8-4658-86BB-422E4AE4CAA3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{51BE485E-53D1-49D9-BC47-F1C1113FB819}" = rport=139 | protocol=6 | dir=out | app=system |
"{55F32837-B333-4E6E-A7AB-2D4197B26389}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5936F2B6-B70F-4069-BBE2-113AC3967B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62EDBC6A-7456-4EC9-B4FD-0C06E9D1DB3B}" = lport=137 | protocol=17 | dir=in | app=system |
"{63872D1F-0C71-4B56-8E51-962740BC44D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{721EEF22-DED1-46ED-8F17-E2B021548DB0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{766239DD-9A97-40B4-ADFE-53E3AEC49330}" = lport=445 | protocol=6 | dir=in | app=system |
"{7C44E6E5-D3B2-45AD-A892-2D217C88114C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8592AD82-9945-4F64-B596-3B9D87E56760}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{877F92B5-7AF0-499B-ACB4-463F7D31A80B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{96E7DD9E-52D6-4716-AF49-21898743EB2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9751C85E-5286-4843-BBDB-C63A6A3E088C}" = lport=63999 | protocol=6 | dir=in | name=akamai netsession interface |
"{9D1BB53D-F90E-428A-B83D-DADC159763B1}" = rport=138 | protocol=17 | dir=out | app=system |
"{A10E7E07-3861-473F-9490-FD6D4C357970}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A691DD06-D4CC-49D9-A188-0D41B02985F6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B934CF7C-19F3-4457-87AC-B6BC50CD2FD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD77AE7C-A538-4DB1-8F27-08999B9ED199}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFAA6082-4E1D-4420-8D59-233A08F16F7C}" = lport=32062 | protocol=17 | dir=in | name=fsinn |
"{C313E8AD-DF89-4625-A733-51B0FDD48EFB}" = rport=137 | protocol=17 | dir=out | app=system |
"{C47C6749-9BAB-4B34-AA6D-E476E8EF1E09}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C6C5CC41-4809-4124-B94F-081DAF0EEFEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E997635C-D979-4A3B-827E-B46BC2529894}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E9977BCC-5A8D-4787-9CFF-E73AB1D94F66}" = lport=10243 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B55C33-ECD7-44BF-AC6B-6068AF4CD29A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{05282E40-3227-4569-B8B0-85171792202D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B2A84F8-94E0-454D-907A-5844FE9E84C6}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{0D188856-5A03-4BB7-8C70-E7A4DC907E91}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{18E5A894-AEB4-4982-9959-AA8C49DD2723}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1974FD44-CFD2-43E0-A228-6D56A1DAFA25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DC9C853-8C8D-4144-8C76-B78448CA733F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{2402FC5F-BBEE-4F1B-919F-F84B1A237BEE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B433FEB-7442-4F6E-B814-C8D230B4C610}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4E259B9E-81FC-45BA-891C-B173DDDB56C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{55264589-6F72-4051-BA44-0BFC98C82CBA}" = protocol=6 | dir=out | app=system |
"{571B34EE-8514-4C55-BBA2-2D8820A4A989}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5B51C56A-49A6-4571-B537-3AA59458F7A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{60F9A68A-E5D0-4276-B540-C134B665A12A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{646BC69B-16D9-44D6-9BF7-C15C7BA050B4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{664092E1-3E69-49C2-A780-4BD9FDBE7DFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{726B8EC9-A4F3-4F36-B3E2-F900CB56CB96}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{785C2166-C74E-450C-B8B4-2B5184C2BAB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{804ECC22-B403-4B7C-87E6-543C1A082FB3}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{820B60A9-DE19-4EC0-9C44-B485BD673193}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{888CDF3A-47AD-48D7-B323-EB91F4612AAD}" = protocol=17 | dir=in | app=c:\users\christian lederer\appdata\local\akamai\netsession_win.exe |
"{88F630AE-1D0C-408E-B01F-049F70A5BBA5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9BEEBA3A-B45C-48BD-B723-F3BAFECD6556}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ABC4864F-0AB6-4DB9-B1B9-D0D3F31C71FA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{B08A7A1E-2044-4685-BC66-7EFEF69FEBD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C25787DD-05E4-466C-959C-EC2614F1574B}" = protocol=6 | dir=in | app=c:\users\christian lederer\appdata\local\akamai\netsession_win.exe |
"{C7388D2B-1916-4371-8EBB-7DF09EE61994}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{D7AF9381-5AD2-45EB-9968-4256C7EE46E0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DEDE359D-D7E3-41A3-9EB9-9BD0554D6F7F}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E52A669C-4042-4E3A-8EF6-C8330DD7A409}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EA50D40F-4845-4929-BF53-DEF6B1D4F27F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE89DB84-93D9-4BAE-973E-0CD9A98EADA4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F329F406-C1CA-4BCE-97F8-C01C4FB98727}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F48F4517-1B34-4F37-9149-9826F700C2B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F98A340E-C96C-4613-8F18-C9FE4382F86C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDCA32CA-24B0-4941-BBA1-10A34A653EC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{12AB634B-AB97-49C0-9E1E-AE63D6F43F55}D:\cs\hl.exe" = protocol=6 | dir=in | app=d:\cs\hl.exe |
"TCP Query User{4835E2EA-936E-47F9-8DCF-56B10BA0742D}C:\users\christian lederer\appdata\local\mobione studio\mobione 1.1.3\mobione.exe" = protocol=6 | dir=in | app=c:\users\christian lederer\appdata\local\mobione studio\mobione 1.1.3\mobione.exe |
"TCP Query User{4DB2BA52-0C7C-47FB-BFFB-66974852C30B}C:\program files\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_olect.exe |
"TCP Query User{5792BB78-101F-4961-8986-7E08C6767E39}F:\anwendungen\wiki\zenoreader.exe" = protocol=6 | dir=in | app=f:\anwendungen\wiki\zenoreader.exe |
"TCP Query User{5B4575E6-E8C5-4E0B-884D-A9869B0151B7}D:\flugsimulator\fsfdt\fwinn\fwinn.exe" = protocol=6 | dir=in | app=d:\flugsimulator\fsfdt\fwinn\fwinn.exe |
"TCP Query User{65921FC7-7857-4BAF-8917-B06E7FF1C571}D:\spiele\motogp ii\motogp2.exe" = protocol=6 | dir=in | app=d:\spiele\motogp ii\motogp2.exe |
"TCP Query User{65B44129-FB03-4877-A418-0EFF82C1ABE8}D:\cs\hltv.exe" = protocol=6 | dir=in | app=d:\cs\hltv.exe |
"TCP Query User{69C13A5E-AE7D-4493-838F-E1D8D25312AB}D:\flugsimulator\fsfdt\fwinn\fwinn.exe" = protocol=6 | dir=in | app=d:\flugsimulator\fsfdt\fwinn\fwinn.exe |
"TCP Query User{77864EBC-6F74-47A3-B02F-A92A0C635CD0}E:\dvdcdsharing\remoteinstallmacosx.exe" = protocol=6 | dir=in | app=e:\dvdcdsharing\remoteinstallmacosx.exe |
"TCP Query User{893037B8-7566-47DC-85B0-771CC7DF2E13}C:\users\christian lederer\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\christian lederer\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8F865E95-9156-47FE-A602-A560450CCE10}F:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=f:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe |
"TCP Query User{9B66F0CD-EF3E-4537-87E5-FF6A395D89C8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A97465F3-4FFB-4BF9-84FE-A9E3C5091ABF}D:\flugsimulator\fsfdt\control panel\fsfdtcp.exe" = protocol=6 | dir=in | app=d:\flugsimulator\fsfdt\control panel\fsfdtcp.exe |
"TCP Query User{ABC241B5-E939-4A3E-AB45-C06EBD56BA26}D:\flugsimulator\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=d:\flugsimulator\flight simulator 9\fs9.exe |
"TCP Query User{AC6CD6E0-18EB-4A2A-A405-85FB401B1E03}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B4E545D9-1EB7-401E-8B15-DD25CA38290B}D:\flugsimulator\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=d:\flugsimulator\flight simulator 9\fs9.exe |
"TCP Query User{BD9F3800-CBCC-48FE-A3E7-B4380F88804F}I:\spiele\spiele\srs racing\bin\srs.exe" = protocol=6 | dir=in | app=i:\spiele\spiele\srs racing\bin\srs.exe |
"TCP Query User{C69E92F6-8B32-487F-BFDB-6E816EF5D26F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D581B578-EDDC-4378-80E3-C342098923AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F27EA181-EE61-458B-BC8F-2758A7F17684}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{F90D809C-1717-45B0-997F-C30565A586E0}F:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=f:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe |
"TCP Query User{FA655F07-033E-464A-BF52-32BF00CA6914}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{FDD68F27-37B3-414D-BBFF-B0BECB13D027}D:\flugsimulator\fsfdt\control panel\fsfdtcp.exe" = protocol=6 | dir=in | app=d:\flugsimulator\fsfdt\control panel\fsfdtcp.exe |
"UDP Query User{0B318B0B-5D50-4B07-893A-75C1AD9D6F47}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{154A7964-0634-4E38-B2BC-684B19C39E8A}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{18C7C941-CC1B-4480-AC4D-252CD8EF7ACC}D:\cs\hl.exe" = protocol=17 | dir=in | app=d:\cs\hl.exe |
"UDP Query User{34D5A5F9-C4FC-43F0-BAA0-B429501F0134}F:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=f:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe |
"UDP Query User{41B71F4C-9835-4B3B-8AAC-D583176A9AB0}D:\cs\hltv.exe" = protocol=17 | dir=in | app=d:\cs\hltv.exe |
"UDP Query User{491CD6A9-CBF5-4C33-9A63-B9283F74D51F}I:\spiele\spiele\srs racing\bin\srs.exe" = protocol=17 | dir=in | app=i:\spiele\spiele\srs racing\bin\srs.exe |
"UDP Query User{4E36DBEF-E726-48E8-9053-6ACFD16C1323}C:\program files\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_olect.exe |
"UDP Query User{5734EE33-FE95-44EB-9664-0700D523D2F2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{59C9A8FF-29F7-4548-877E-83D75BD819B1}D:\flugsimulator\fsfdt\control panel\fsfdtcp.exe" = protocol=17 | dir=in | app=d:\flugsimulator\fsfdt\control panel\fsfdtcp.exe |
"UDP Query User{5AE37C8D-BA2C-444D-9A40-14DF313DF864}D:\flugsimulator\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=d:\flugsimulator\flight simulator 9\fs9.exe |
"UDP Query User{61453A6B-24B3-423E-B133-16FD66DC4AD2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6940265F-0EA5-48F2-A244-C18460F195A5}D:\flugsimulator\fsfdt\fwinn\fwinn.exe" = protocol=17 | dir=in | app=d:\flugsimulator\fsfdt\fwinn\fwinn.exe |
"UDP Query User{79D3DFB6-79B1-4268-B9DC-AD9F795C6136}C:\users\christian lederer\appdata\local\mobione studio\mobione 1.1.3\mobione.exe" = protocol=17 | dir=in | app=c:\users\christian lederer\appdata\local\mobione studio\mobione 1.1.3\mobione.exe |
"UDP Query User{7F1FA9B9-6F1D-435D-9389-416243EEF6E3}D:\flugsimulator\fsfdt\fwinn\fwinn.exe" = protocol=17 | dir=in | app=d:\flugsimulator\fsfdt\fwinn\fwinn.exe |
"UDP Query User{875CFC8C-251B-465D-8B0A-487BFD83F1E5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8F295A4D-F656-479B-8F16-810965B31A57}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A3410475-9832-43C9-8879-D9E90A2098E0}F:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=f:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe |
"UDP Query User{B1F4DBDD-CB8F-4CE1-8C02-46EE8C392DFA}F:\anwendungen\wiki\zenoreader.exe" = protocol=17 | dir=in | app=f:\anwendungen\wiki\zenoreader.exe |
"UDP Query User{B736E8D7-1E5A-4E90-8329-26D7C6B594D0}C:\users\christian lederer\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\christian lederer\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BD5DCA25-F2A7-4E16-B918-2B6C1DE707B6}E:\dvdcdsharing\remoteinstallmacosx.exe" = protocol=17 | dir=in | app=e:\dvdcdsharing\remoteinstallmacosx.exe |
"UDP Query User{BFF57733-7220-4A54-ABE1-31F5174C6CB2}D:\flugsimulator\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=d:\flugsimulator\flight simulator 9\fs9.exe |
"UDP Query User{C1FE995C-BF57-463E-8248-B4CCA986BDAF}D:\spiele\motogp ii\motogp2.exe" = protocol=17 | dir=in | app=d:\spiele\motogp ii\motogp2.exe |
"UDP Query User{DE6BD1BD-0C97-4944-8E02-98A964E1F14B}D:\flugsimulator\fsfdt\control panel\fsfdtcp.exe" = protocol=17 | dir=in | app=d:\flugsimulator\fsfdt\control panel\fsfdtcp.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02F211DA-568C-4E90-A7CC-DE7CDEAA2FA5}_is1" = Das Wein-Imperium 1.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0705EEB6-2F15-4D19-B37D-84C953E93D18}" = aerosoft's - German Airports 2 X - FS2004
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D205BAC-3B16-4770-9BBD-FF5F0BEDA193}" = aerosoft's - MyTraffic 2006
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FC39141-1BB8-4C29-9D74-A6710131B74F}" = aerosoft's - Madrid 2008
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1C80DD6F-0BFF-4177-97E0-4A2DD831FD62}" = aerosoft's - German Airports 1 Bundle - FS2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{34BDC9DA-9320-491C-AA40-B0D98A0EBA9C}" = aerosoft's - Mega Airport Frankfurt - FS2004
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5AEB54C5-FF4A-4CCF-A51C-BB9C3DD56E05}" = aerosoft's - France 2 - FS2004
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{6022B4FC-4698-4A62-B9FD-54809A9E06F8}" = MPM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{68ACDE46-2B55-4CD3-981F-4816998AC5D0}" = aerosoft's - German Airports 4 Bundle - FS2004
"{6AF1A4E5-0166-4496-AE31-1D66EBD96FF7}" = OffiSync
"{6C06AC26-DBD1-46E5-9863-33E7633566E5}" = ActiveSky Version 6 and ActiveSky Graphics
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{8133D88C-C6F0-4D1A-962E-C3F57D0AB117}" = ODF Add-in for Microsoft Office
"{82BEEB3F-D0BF-42EE-8739-F4827C4805B7}" = VirtualDJ PRO Full
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7B4ACF2-5A81-44F4-8253-9211A3B8AFA8}-FS2004" = aerosoft's - Wonderful Madeira - FS2004
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA755AA7-B941-48A0-828C-7F43975E3EDE}_is1" = XAcars for Microsoft Flightsimulator
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AD9B3D15-8C5E-4E32-BF82-4D5556B9CFA3}" = aerosoft's - Balearen-Gibraltar - FS2004
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp-Dienste
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{C05BC4CD-C001-37E7-939C-3392604DFBEF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9F9BEAE-3963-41D3-B970-CA60C6A71179}" = HP Officejet K7100 Series Toolbox
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{d1ef8f26-03c4-4455-b23a-da93f0f4d915}" = Nero 9
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBFF3839-5A5B-400A-B8A2-4A627C4B29B4}" = Nuance PDF Professional 5
"{ECE1939E-3491-409E-87B7-E7DF65E7B909}" = aerosoft's - German Airports 3 Bundle - FS2004
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D89E72-2A46-42ED-ABDB-1F93E5918807}" = Just Flight - 757 Captain FS2004
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{FB5F0D16-9973-4B62-A249-8A83A51F1D14}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows-Treiberpaket - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"0A86889A63334895E2898E1C618451C13E8BEC74" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows-Treiberpaket - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows-Treiberpaket - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"2A220AD1D71245D60F803E0D8C463ABFFE7C6244" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows-Treiberpaket - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"3A712FAD839A90C4CD37CE06FA695DCC4E91A52F" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5A42EC04483B9307C1A29CDA2199268A7A8FA52D" = Windows-Treiberpaket - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows-Treiberpaket - Intel Net (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows-Treiberpaket - Intel Net (07/22/2008 10.3.45.0)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"75B57AFB407D191B0DAEF05EE9665A5A86701A9A" = Windows-Treiberpaket - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows-Treiberpaket - Intel Net (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows-Treiberpaket - Intel Net (08/05/2008 10.3.49.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows-Treiberpaket - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows-Treiberpaket - Intel Net (06/13/2008 9.52.9.0)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.70
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Artisteer 2" = Artisteer 2
"ATR_72500" = Flight One ATR 72-500
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows-Treiberpaket - Intel (e1express) Net (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"D7BD0CDD4F84752390916F44F40574507E36FE5E" = Windows-Treiberpaket - Apple Inc. (applebt) Bluetooth (01/19/2009 2.1.2.1)
"DCEFA559AE3275AB4F80389685E1BD3D978A5707" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8)
"DD660B87FBFA46A1E99C15466EA26AA41E678250" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
"Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Euro Truck Simulator" = Euro Truck Simulator 1.1
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows-Treiberpaket - Apple Inc. System (08/22/2008 2.1.1.1)
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FileZilla Client" = FileZilla Client 3.3.4.1
"Flight Crew X (Download Version)" = Flight Crew X (Download Version)
"Flight Crew X: FS9 Version" = Flight Crew X: FS9 Version
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"Free Studio_is1" = Free Studio version 5.2.1
"FSFDT FSCopilot" = FSFDT FSCopilot
"FSFDT FSInn" = FSFDT FSInn
"Inkscape" = Inkscape 0.48.1
"JDownloader" = JDownloader
"MAGIX Filme auf DVD 9 D" = MAGIX Filme auf DVD 9 9.0.0.12 (D)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.0
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RaneAsioSL2_is1" = Rane SL 2 (ver. 1.0.0a6)
"RTL Winter Sports 2009" = RTL Winter Sports 2009
"Shockwave" = Shockwave
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"ST6UNST #1" = Visual Basic 6.0 Runtime&Steuerelemente
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Victory 301USB Normal Version_is1" = Victory 301USB version 5.351
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
"WinZip" = WinZip

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Airbus Series Vol.1 Deluxe (FS2004)" = Airbus Series Vol.1 Deluxe (FS2004)
"Akamai" = Akamai NetSession Interface

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
08.12.2011, 09:52
Member

Posts: 420
#2 Hi

Please run all the tools we use via right-click, "Run as administrator".

1. Install Malwarebytes
http://www.malwarebytes.org/
(Download Now)
allow the update, run a Quick Scan, let Malwarebytes remove anything it finds, and then post the log.
08.12.2011, 10:26
Member

Thread starter

Posts: 42
#3 The tools were run as admin.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8332

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

08.12.2011 10:25:16
mbam-log-2011-12-08 (10-25-16).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 207036
Laufzeit: 10 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iTunes.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\onweretetr.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\onweretetr.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
08.12.2011, 15:23
Member

Posts: 420
#4 Good, next:

1. Download aswMBR from avast!
http://public.avast.com/~gmerek/aswMBR.exe
Start the program
choose "Yes" when asked about the avast engine.
Click Scan
After the scan, click Save Log, save it and please post it here (do not "fix" anything)
08.12.2011, 17:44
Member

Thread starter

Posts: 42
#5 AVAST Log

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-08 17:06:15
-----------------------------
17:06:15.831 OS Version: Windows 6.0.6002 Service Pack 2
17:06:15.831 Number of processors: 2 586 0x1706
17:06:15.831 ComputerName: CHRISTIANLED-PC UserName:
17:06:51.508 Initialize success
17:10:56.555 AVAST engine defs: 11120800
17:11:05.307 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:11:05.322 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
17:11:07.350 Disk 0 MBR read successfully
17:11:07.350 Disk 0 MBR scan
17:11:07.381 Disk 0 unknown MBR code
17:11:07.397 Disk 0 scanning sectors +625139704
17:11:07.491 Disk 0 scanning C:\Windows\system32\drivers
17:11:32.669 Service scanning
17:11:33.995 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:11:34.681 Modules scanning
17:11:42.091 Disk 0 trace - called modules:
17:11:42.123 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85c311f8]<<
17:11:42.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eea850]
17:11:42.154 3 CLASSPNP.SYS[8b1a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85ca6b98]
17:11:42.154 \Driver\atapi[0x85ca3230] -> IRP_MJ_CREATE -> 0x85c311f8
17:11:43.636 AVAST engine scan C:\Windows
17:11:49.626 AVAST engine scan C:\Windows\system32
17:17:22.530 AVAST engine scan C:\Windows\system32\drivers
17:17:44.339 AVAST engine scan C:\Users\Christian Lederer
17:29:47.998 AVAST engine scan C:\ProgramData
17:34:05.513 Scan finished successfully
17:42:48.111 Disk 0 MBR has been saved successfully to "C:\Users\Christian Lederer\Desktop\BProtectus\MBR.dat"
17:42:48.127 The log file has been saved successfully to "C:\Users\Christian Lederer\Desktop\BProtectus\aswMBR.txt"
08.12.2011, 18:15
Member

Posts: 420
#6 That doesn't look good.

1. TDSSKiller http://support.kaspersky.com/de/downloads/utils/tdsskiller.zip
Extract the zip file to the desktop (tdsskiller.exe should sit directly on the desktop, not in a folder).
Start tdsskiller.exe and click "Start Scan"
If infected files are found, leave the settings as they are and click "Continue". If a restart is requested, click "Reboot Now".
If no restart is requested, click "Report" and please post the log.
If a restart is requested, the log can be found under C:\TDSSKiller....log.txt, please post it.
08.12.2011, 22:52
Member

Thread starter

Posts: 42
#7

Quote

That doesn't look good.
Well, I hope there is still hope...

I left the settings as they were and only created the report. No restart was requested.

22:49:04.0632 3472 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
22:49:05.0818 3472 ============================================================
22:49:05.0833 3472 Current date / time: 2011/12/08 22:49:05.0818
22:49:05.0833 3472 SystemInfo:
22:49:05.0833 3472
22:49:05.0833 3472 OS Version: 6.0.6002 ServicePack: 2.0
22:49:05.0833 3472 Product type: Workstation
22:49:05.0833 3472 ComputerName: CHRISTIANLED-PC
22:49:05.0833 3472 UserName: Christian Lederer
22:49:05.0833 3472 Windows directory: C:\Windows
22:49:05.0833 3472 System windows directory: C:\Windows
22:49:05.0833 3472 Processor architecture: Intel x86
22:49:05.0833 3472 Number of processors: 2
22:49:05.0833 3472 Page size: 0x1000
22:49:05.0833 3472 Boot type: Normal boot
22:49:05.0833 3472 ============================================================
22:49:07.0050 3472 Initialize success
22:49:09.0983 2892 ============================================================
22:49:09.0983 2892 Scan started
22:49:09.0983 2892 Mode: Manual;
22:49:09.0983 2892 ============================================================
22:49:36.0440 2892 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\system32\Drivers\sptd.sys
22:49:36.0440 2892 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
22:49:36.0440 2892 sptd ( LockedFile.Multi.Generic ) - warning
22:49:36.0440 2892 sptd - detected LockedFile.Multi.Generic (1)
22:49:40.0699 2892 usbuhci - ok
22:49:40.0886 2892 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:49:40.0933 2892 usbvideo - ok
22:49:41.0027 2892 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:49:41.0042 2892 vga - ok
22:49:41.0105 2892 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:49:41.0120 2892 VgaSave - ok
22:49:41.0183 2892 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:49:41.0198 2892 viaagp - ok
22:49:41.0261 2892 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:49:41.0276 2892 ViaC7 - ok
22:49:41.0354 2892 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:49:41.0370 2892 viaide - ok
22:49:41.0401 2892 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:49:41.0417 2892 volmgr - ok
22:49:41.0557 2892 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:49:41.0604 2892 volmgrx - ok
22:49:41.0666 2892 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:49:41.0698 2892 volsnap - ok
22:49:41.0760 2892 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:49:41.0791 2892 vsmraid - ok
22:49:41.0932 2892 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:49:41.0947 2892 WacomPen - ok
22:49:42.0025 2892 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:49:42.0025 2892 Wanarp - ok
22:49:42.0041 2892 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:49:42.0041 2892 Wanarpv6 - ok
22:49:42.0134 2892 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:49:42.0166 2892 Wd - ok
22:49:42.0244 2892 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:49:42.0275 2892 Wdf01000 - ok
22:49:42.0478 2892 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:49:42.0493 2892 WmiAcpi - ok
22:49:42.0618 2892 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:49:42.0634 2892 WpdUsb - ok
22:49:42.0727 2892 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:49:42.0774 2892 ws2ifsl - ok
22:49:42.0914 2892 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:49:42.0946 2892 WUDFRd - ok
22:49:43.0070 2892 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
22:49:43.0070 2892 yukonwlh - ok
22:49:43.0117 2892 MBR (0x1B8) (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0
22:49:44.0131 2892 \Device\Harddisk0\DR0 - ok
22:49:44.0162 2892 Boot (0x1200) (982265b7a820973067ff52eb95ab728a) \Device\Harddisk0\DR0\Partition0
22:49:44.0162 2892 \Device\Harddisk0\DR0\Partition0 - ok
22:49:44.0194 2892 Boot (0x1200) (69de3dbd00cab02b815691ed8e780ae1) \Device\Harddisk0\DR0\Partition1
22:49:44.0194 2892 \Device\Harddisk0\DR0\Partition1 - ok
22:49:44.0194 2892 ============================================================
22:49:44.0194 2892 Scan finished
22:49:44.0194 2892 ============================================================
22:49:44.0225 2516 Detected object count: 1
22:49:44.0225 2516 Actual detected object count: 1
22:50:06.0782 2516 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:50:06.0782 2516 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

10.12.2011, 11:59
Member

Posts: 420
#8 Hope dies last. TDSSKiller found nothing; with a bit of luck, aswMBR is only flagging because of Daemon.

1. DeFogger http://www.jpshortstuff.247fixes.com/Defogger.exe
Start the program and click "Disable"
Confirm with "Yes"
After the "Finished!" message, click "OK"
You will be asked to restart; confirm with "OK"

2. FixTDSS http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe
Start the program and click "Start"
Allow a restart if the program asks for one.

3. Please post a fresh aswMBR log.

As always, start all tools via right-click "Run as administrator"; the order should be followed.
10.12.2011, 12:54
Member

Thread starter

Posts: 42
#9 Message from TDSS Fix Tool 2.1.3 --- Backdoor.Tidserv has not been found on your computer

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-10 12:55:30
-----------------------------
12:55:30.330 OS Version: Windows 6.0.6002 Service Pack 2
12:55:30.330 Number of processors: 2 586 0x1706
12:55:30.330 ComputerName: CHRISTIANLED-PC UserName:
12:55:32.841 Initialize success
12:56:59.062 AVAST engine defs: 11120901
12:57:09.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:57:09.218 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
12:57:11.246 Disk 0 MBR read successfully
12:57:11.246 Disk 0 MBR scan
12:57:11.277 Disk 0 unknown MBR code
12:57:11.277 Disk 0 scanning sectors +625139704
12:57:11.386 Disk 0 scanning C:\Windows\system32\drivers
12:57:28.609 Service scanning
12:57:30.528 Modules scanning
12:57:36.986 Disk 0 trace - called modules:
12:57:37.002 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
12:57:37.017 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a2ac8]
12:57:37.017 3 CLASSPNP.SYS[8ad9f8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858648d8]
12:57:38.187 AVAST engine scan C:\Windows
12:57:43.819 AVAST engine scan C:\Windows\system32
13:02:00.111 AVAST engine scan C:\Windows\system32\drivers
13:02:37.068 AVAST engine scan C:\Users\Christian Lederer
13:14:58.099 AVAST engine scan C:\ProgramData
13:18:01.430 Scan finished successfully
13:28:37.426 Disk 0 MBR has been saved successfully to "C:\Users\Christian Lederer\Desktop\BProtectus\MBR.dat"
13:28:37.442 The log file has been saved successfully to "C:\Users\Christian Lederer\Desktop\BProtectus\aswMBR2.txt"
This post was edited by CLedy on 10.12.2011 at 13:30.
10.12.2011, 14:37
Member

Posts: 420
#10 Good, it was only Daemon; this log is clean. Now we can get serious.

1. Now please follow these instructions (and follow them exactly)
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
and post the log.
10.12.2011, 18:30
Member

Thread starter

Posts: 42
#11 AntiVir triggered 3 times even though it was disabled, how is that possible??? All 3 times I clicked on trusted program.

ComboFix 11-12-10.01 - Christian Lederer 10.12.2011 17:49:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2040 [GMT 1:00]
ausgeführt von:: c:\users\Christian Lederer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Christian Lederer_2\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system
c:\users\Christian Lederer_2\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\Offisync-UserSettings.config
c:\users\Christian Lederer_2\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\ostelbuf.dat
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-10 bis 2011-12-10 ))))))))))))))))))))))))))))))
.
.
2011-12-10 17:06 . 2011-12-10 17:06 -------- d-----w- c:\users\Rickmers\AppData\Local\temp
2011-12-10 17:06 . 2011-12-10 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 17:06 . 2011-12-10 17:06 -------- d-----w- c:\users\Christian Lederer_2\AppData\Local\temp
2011-12-10 17:06 . 2011-12-10 17:09 -------- d-----w- c:\users\Christian Lederer\AppData\Local\temp
2011-12-10 16:32 . 2011-12-10 16:32 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C42D5BB-5E54-46D3-A348-A63BD81DA5F1}\offreg.dll
2011-12-09 09:59 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C42D5BB-5E54-46D3-A348-A63BD81DA5F1}\mpengine.dll
2011-12-08 09:12 . 2011-12-08 09:12 -------- d-----w- c:\users\Christian Lederer\AppData\Roaming\Malwarebytes
2011-12-08 09:11 . 2011-12-08 09:11 -------- d-----w- c:\programdata\Malwarebytes
2011-12-08 09:03 . 2011-12-08 09:03 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-12-08 09:03 . 2011-12-08 09:03 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-08 09:03 . 2011-12-08 09:03 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-12-08 09:03 . 2011-12-08 09:03 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-12-08 09:03 . 2011-12-08 09:03 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-12-08 09:03 . 2011-12-08 09:03 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-12-08 09:03 . 2011-12-08 09:03 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-12-08 09:03 . 2011-12-08 09:03 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-20 14:53 . 2011-11-20 14:53 -------- d-----w- c:\programdata\VS
2011-11-20 14:46 . 2011-11-20 14:46 -------- d-----w- c:\program files\Microsoft Silverlight
2011-11-20 14:43 . 2011-09-22 16:18 73064 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-11-20 14:43 . 2011-09-22 16:18 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL
2011-11-16 19:50 . 2011-12-10 12:58 -------- d-----w- c:\users\Christian Lederer\AppData\Local\PokerStars
2011-11-16 19:50 . 2011-11-16 19:51 -------- d-----w- c:\program files\PokerStars
2011-11-14 07:50 . 2011-11-14 07:51 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-11-14 07:50 . 2011-11-14 07:50 -------- d-----w- c:\program files\DVDVideoSoft
2011-11-14 07:44 . 2011-11-14 07:52 -------- d-----w- c:\users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers
2011-11-13 17:57 . 2007-01-04 10:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
2011-11-13 08:05 . 2011-09-01 02:41 141088 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-11-13 08:05 . 2011-09-01 02:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-13 08:05 . 2011-09-01 02:26 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-11-13 08:05 . 2011-09-01 02:28 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-11-13 08:04 . 2011-09-01 02:35 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-13 08:04 . 2011-09-01 02:30 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-11-13 07:58 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-13 07:58 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-13 07:58 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-11-13 07:58 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-13 07:50 . 2011-11-13 07:50 -------- d-----w- c:\users\Christian Lederer\AppData\Local\ElevatedDiagnostics
2011-11-13 07:34 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-13 07:34 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-13 07:34 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-11 10:54 . 2011-11-20 08:35 -------- d-----w- c:\users\Christian Lederer\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 16:31 . 2011-10-28 02:26 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-06 11:01 . 2010-08-28 11:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-20 14:59 . 2011-04-12 05:31 207008 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2011-11-14 18:56 . 2011-06-05 20:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-19 15:03 . 2011-10-28 02:26 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 15:03 . 2011-10-28 02:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-09-22 16:18 . 2011-09-22 16:18 2570088 ----a-w- c:\windows\system32\sqlncli10.dll
2011-09-22 16:10 . 2011-09-22 16:10 239592 ----a-w- c:\windows\system32\drivers\RsFx0104.sys
2011-09-22 16:10 . 2011-09-22 16:10 238696 ----a-w- c:\windows\system32\drivers\RsFx0105.sys
2011-09-22 14:42 . 2011-09-22 14:42 32616 ----a-w- c:\windows\system32\DTSPipelinePerf100.dll
2011-09-21 05:29 . 2011-09-21 05:29 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-21 05:29 . 2011-09-21 05:29 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-21 05:29 . 2011-09-21 05:29 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-21 05:29 . 2011-09-21 05:29 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-21 05:29 . 2011-09-21 05:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-21 05:29 . 2011-09-21 05:29 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-21 05:29 . 2011-09-21 05:29 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-21 05:29 . 2011-09-21 05:29 367104 ----a-w- c:\windows\system32\html.iec
2011-09-21 05:29 . 2011-09-21 05:29 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-21 05:29 . 2011-09-21 05:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-21 05:29 . 2011-09-21 05:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-21 05:29 . 2011-09-21 05:29 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-21 05:29 . 2011-09-21 05:29 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-21 05:29 . 2011-09-21 05:29 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-21 05:29 . 2011-09-21 05:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-21 05:29 . 2011-09-21 05:29 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-21 05:29 . 2011-09-21 05:29 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-21 05:29 . 2011-09-21 05:29 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-20 16:22 . 2011-09-20 16:22 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-08 09:03 . 2011-12-08 09:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Christian Lederer\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-22 7289376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"TrayServer"="c:\progra~1\MAGIX\FILME_~1\TrayServer.exe" [2008-01-17 90112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Christian Lederer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Christian Lederer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2008-02-02 00:19 58656 ----a-w- c:\program files\Nuance\PDF Professional 5\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2008-02-02 00:20 795936 ----a-w- c:\program files\Nuance\PDF Professional 5\PdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"EPSON Stylus D92 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "c:\users\CHRIST~1\AppData\Local\Temp\E_S7C12.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Professional 5\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"TrayServer"=c:\program files\MAGIX\Filme_auf_DVD_9\TrayServer.exe
.
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-07-27 135168]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BMserDiag;Global Wireless Application Port2;c:\windows\system32\DRIVERS\BMserDiag.sys [2009-11-26 87424]
R3 BMserNmea;Global Wireless Application Port3;c:\windows\system32\DRIVERS\BMserNmea.sys [2009-11-26 87424]
R3 BMusbmdm;Global Wireless USB Driver;c:\windows\system32\DRIVERS\BMusbmdm.sys [2009-11-26 87424]
R3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\DRIVERS\cm_ser.sys [2010-07-10 103680]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2009-12-17 103424]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser6k;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser6k.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-03-16 17408]
R3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [2008-08-21 94112]
R3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\Drivers\RTL2831UUSB.sys [2008-08-21 32800]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 93344]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-10-26 32800]
R3 SL2Usb;SL2 Driver;c:\windows\system32\Drivers\SL2Usb.sys [2011-01-18 46200]
R3 SL2UsbNoSSL;SL2 Driver No SSL;c:\windows\system32\Drivers\SL2UsbNoSSL.sys [2011-01-18 46200]
R3 strmdrvl;Rane SL 2;c:\windows\system32\Drivers\strmdrvl.sys [2011-03-14 34376]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2009-07-22 136496]
R4 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2009-07-22 99632]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-02 144672]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-05 697328]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-12-08 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-19 463824]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2009-07-22 5760]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2009-07-22 8576]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-09-16 1526080]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-21 3663360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-07-22 44576]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-10 c:\windows\Tasks\User_Feed_Synchronization-{3251C32D-4FEE-41CD-B081-78DC39EF160C}.job
- c:\windows\system32\msfeedssync.exe [2011-09-21 05:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit Nuance PDF Converter 5.0 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Christian Lederer\AppData\Roaming\Mozilla\Firefox\Profiles\4fydp7rl.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.xul.error_pages.enabled - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 18:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
c:\program files\Avira\AntiVir Desktop\checkt.exe [3176] 0x85AC5BD0
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-10 18:16:13
ComboFix-quarantined-files.txt 2011-12-10 17:15
.
Vor Suchlauf: 11 Verzeichnis(se), 62.331.621.376 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 70.718.529.536 Bytes frei
.
- - End Of File - - 1C179BD3D2B065D258C7AB599153BD44
10.12.2011, 19:25
Member

Posts: 420
#12 Good question; sometimes AntiVir only pretends to have switched itself off, and sometimes even to have been uninstalled.
ComboFix did not bring anything dramatic to light; it looks as if Malwarebytes did most of the work.

1. TFC http://www.geekstogo.com/forum/files/download/187-tfc-temp-file-cleaner-by-oldtimer/
Start the program and click "Start". It will clean up temporary folders.

2. Final scan with ESET:
http://www.eset.de/onlinescanner
(the browser should be started as administrator here)
After the scan finishes, please post the log, normally found at C:\Programme\Eset\EsetOnlineScanner\log.txt

3. How is the computer doing?
11.12.2011, 08:59
Member

Thread starter

Posts: 42
#13 So, here is the final log.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f09b0152428af041b4c0e06e21684b85
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-10 11:49:02
# local_time=2011-12-11 12:49:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 3780481 3780481 0 0
# compatibility_mode=5892 16776573 100 100 18139 161081998 0 0
# compatibility_mode=8192 67108863 100 0 4041 4041 0 0
# scanned=314320
# found=1
# cleaned=1
# scan_time=11672
C:\Users\Christian Lederer\Desktop\Downloads\Anwendungen\installer_adobe_photoshop_cs2_1_0_21_Deutsch.exe Win32/Toggle Anwendung (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C
11.12.2011, 11:45
Member

Posts: 420
#14

Quote

installer_adobe_photoshop_cs2_1_0_21_Deutsch.exe
Hands off such things; it says installer on the outside, but there isn't one inside. And had there been one inside, it would have been illegal.

How is the computer doing?
11.12.2011, 22:20
Member

Thread starter

Posts: 42
#15 I have to agree with you there, hands off. I'll make a note of it! The computer is doing well so far. The load is okay, so I think we have solved the problem, what do you think???