Suspected virus - email account hacked
07.12.2011, 21:43
Member
Posts: 42

08.12.2011, 09:52
Member
Posts: 420
#2
Hi
Please run all the tools we use via right-click "Run as administrator".
1. Install Malwarebytes http://www.malwarebytes.org/ (Download Now), allow the update, run a Quick Scan, let Malwarebytes remove any findings, and then post the log.

08.12.2011, 10:26
Member
Thread starter Posts: 42
#3
The tools were run as admin.
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8332
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
08.12.2011 10:25:16
mbam-log-2011-12-08 (10-25-16).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 207036
Laufzeit: 10 Minute(n), 43 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iTunes.exe (Security.Hijack) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\onweretetr.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\onweretetr.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

08.12.2011, 15:23
Member
Posts: 420
#4
Good, next:
1. Download aswMBR from avast! http://public.avast.com/~gmerek/aswMBR.exe
Start the program and choose "Yes" when asked about the avast engine.
Click Scan.
After the scan, click Save Log, save it and please post it here (do not "fix" anything).

08.12.2011, 17:44
Member
Thread starter Posts: 42
#5
AVAST log
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-08 17:06:15
-----------------------------
17:06:15.831 OS Version: Windows 6.0.6002 Service Pack 2
17:06:15.831 Number of processors: 2 586 0x1706
17:06:15.831 ComputerName: CHRISTIANLED-PC UserName:
17:06:51.508 Initialize success
17:10:56.555 AVAST engine defs: 11120800
17:11:05.307 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:11:05.322 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
17:11:07.350 Disk 0 MBR read successfully
17:11:07.350 Disk 0 MBR scan
17:11:07.381 Disk 0 unknown MBR code
17:11:07.397 Disk 0 scanning sectors +625139704
17:11:07.491 Disk 0 scanning C:\Windows\system32\drivers
17:11:32.669 Service scanning
17:11:33.995 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:11:34.681 Modules scanning
17:11:42.091 Disk 0 trace - called modules:
17:11:42.123 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85c311f8]<<
17:11:42.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eea850]
17:11:42.154 3 CLASSPNP.SYS[8b1a58b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85ca6b98]
17:11:42.154 \Driver\atapi[0x85ca3230] -> IRP_MJ_CREATE -> 0x85c311f8
17:11:43.636 AVAST engine scan C:\Windows
17:11:49.626 AVAST engine scan C:\Windows\system32
17:17:22.530 AVAST engine scan C:\Windows\system32\drivers
17:17:44.339 AVAST engine scan C:\Users\Christian Lederer
17:29:47.998 AVAST engine scan C:\ProgramData
17:34:05.513 Scan finished successfully
17:42:48.111 Disk 0 MBR has been saved successfully to "C:\Users\Christian Lederer\Desktop\BProtectus\MBR.dat"
17:42:48.127 The log file has been saved successfully to "C:\Users\Christian Lederer\Desktop\BProtectus\aswMBR.txt"

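The entries in an aswMBR log like the one in post #5 that call for a closer look can be pulled out mechanically. The Python script below is an added example, not part of the original thread and not code from aswMBR; the finding labels, the regular expressions and the reading of each log pattern are assumptions made here, and the sample input is an excerpt copied from the log in post #5.

```python
import re
from dataclasses import dataclass

# Excerpt of the aswMBR log from post #5 (lines copied unchanged).
SAMPLE_LOG = r"""
17:11:07.350 Disk 0 MBR read successfully
17:11:07.350 Disk 0 MBR scan
17:11:07.381 Disk 0 unknown MBR code
17:11:32.669 Service scanning
17:11:33.995 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:11:42.091 Disk 0 trace - called modules:
17:11:42.123 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85c311f8]<<
17:11:42.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eea850]
17:11:42.154 \Driver\atapi[0x85ca3230] -> IRP_MJ_CREATE -> 0x85c311f8
17:34:05.513 Scan finished successfully
"""

# "HH:MM:SS.mmm message" is the layout of every timestamped log line.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
# Assumption: "**LOCKED**" marks a driver file the scanner could not open.
LOCKED_RE = re.compile(r"^Service\s+(\S+)\s+(.+?)\s+\*\*LOCKED\*\*")
# Assumption: ">>UNKNOWN [addr]<<" marks an address in the disk I/O call
# chain that the tool could not attribute to a loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# A driver's IRP dispatch entry and the address it points to.
IRP_RE = re.compile(
    r"^\\Driver\\(\S+?)\[0x[0-9a-fA-F]+\]\s*->\s*(IRP_MJ_\w+)\s*->\s*(0x[0-9a-fA-F]+)"
)


@dataclass(frozen=True)
class Finding:
    time: str    # timestamp of the log line
    kind: str    # label chosen for this example
    detail: str  # the part of the line that matters


def parse_entries(log_text):
    """Return (timestamp, message) pairs; header lines without a timestamp are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(log_text):
    """Return the log lines that deserve manual review, in log order."""
    entries = parse_entries(log_text)
    # First pass: collect every unattributed address, so that an IRP line
    # is correlated even if it appears before the trace line.
    unknown_addrs = {
        int(addr, 16) for _, msg in entries for addr in UNKNOWN_RE.findall(msg)
    }
    findings = []
    for time, msg in entries:
        if "unknown MBR code" in msg:
            findings.append(Finding(time, "unknown_mbr_code", msg))
        locked = LOCKED_RE.match(msg)
        if locked:
            findings.append(
                Finding(time, "locked_driver", f"{locked.group(1)} {locked.group(2)}")
            )
        for addr in UNKNOWN_RE.findall(msg):
            findings.append(Finding(time, "unknown_module_in_disk_stack", addr))
        irp = IRP_RE.match(msg)
        # Only report a dispatch entry when it points at an unattributed address.
        if irp and int(irp.group(3), 16) in unknown_addrs:
            detail = f"{irp.group(1)} {irp.group(2)} -> {irp.group(3)}"
            findings.append(Finding(time, "irp_handler_in_unknown_module", detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.time}  {f.kind:32}  {f.detail}")
```

Each finding marks a line for manual review rather than a verdict; a locked or unattributed driver can also belong to legitimate low-level software.
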
08.12.2011, 18:15
Member
Posts: 420
#6
That doesn't look good.
1. TDSSKiller http://support.kaspersky.com/de/downloads/utils/tdsskiller.zip
Extract the zip file to the desktop (tdsskiller.exe should sit directly on the desktop, not in a folder).
Start tdsskiller.exe and click "Start Scan".
If infected files are found, leave the settings as they are and click "Continue".
If a restart is requested, click "Reboot Now".
If no restart is requested, click "Report" and please post the log.
If a restart is requested, the log can be found under C:\TDSSKiller....log.txt; please post it.

08.12.2011, 22:52
Member
Thread starter Posts: 42
#7
Quote: That doesn't look good.
Well, I hope there is still hope...
I left the settings as they were; I only created the report. No restart was requested.
uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 22:49:39.0295 2892 uliagpkx - ok 22:49:39.0326 2892 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 22:49:39.0358 2892 uliahci - ok 22:49:39.0389 2892 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 22:49:39.0404 2892 UlSata - ok 22:49:39.0529 2892 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 22:49:39.0560 2892 ulsata2 - ok 22:49:39.0592 2892 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 22:49:39.0607 2892 umbus - ok 22:49:39.0732 2892 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys 22:49:39.0763 2892 USBAAPL - ok 22:49:39.0826 2892 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 22:49:39.0841 2892 usbaudio - ok 22:49:39.0935 2892 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 22:49:39.0966 2892 usbccgp - ok 22:49:40.0028 2892 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 22:49:40.0044 2892 usbcir - ok 22:49:40.0184 2892 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 22:49:40.0184 2892 usbehci - ok 22:49:40.0262 2892 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 22:49:40.0278 2892 usbhub - ok 22:49:40.0418 2892 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 22:49:40.0434 2892 usbohci - ok 22:49:40.0481 2892 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 22:49:40.0496 2892 usbprint - ok 22:49:40.0606 2892 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:49:40.0606 2892 USBSTOR - ok 22:49:40.0668 2892 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 22:49:40.0699 2892 usbuhci - ok 22:49:40.0886 
2892 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 22:49:40.0933 2892 usbvideo - ok 22:49:41.0027 2892 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 22:49:41.0042 2892 vga - ok 22:49:41.0105 2892 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 22:49:41.0120 2892 VgaSave - ok 22:49:41.0183 2892 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 22:49:41.0198 2892 viaagp - ok 22:49:41.0261 2892 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 22:49:41.0276 2892 ViaC7 - ok 22:49:41.0354 2892 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 22:49:41.0370 2892 viaide - ok 22:49:41.0401 2892 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 22:49:41.0417 2892 volmgr - ok 22:49:41.0557 2892 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 22:49:41.0604 2892 volmgrx - ok 22:49:41.0666 2892 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 22:49:41.0698 2892 volsnap - ok 22:49:41.0760 2892 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 22:49:41.0791 2892 vsmraid - ok 22:49:41.0932 2892 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 22:49:41.0947 2892 WacomPen - ok 22:49:42.0025 2892 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:49:42.0025 2892 Wanarp - ok 22:49:42.0041 2892 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 22:49:42.0041 2892 Wanarpv6 - ok 22:49:42.0134 2892 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 22:49:42.0166 2892 Wd - ok 22:49:42.0244 2892 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 22:49:42.0275 2892 Wdf01000 - ok 22:49:42.0478 2892 WmiAcpi 
(2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys 22:49:42.0493 2892 WmiAcpi - ok 22:49:42.0618 2892 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 22:49:42.0634 2892 WpdUsb - ok 22:49:42.0727 2892 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 22:49:42.0774 2892 ws2ifsl - ok 22:49:42.0914 2892 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:49:42.0946 2892 WUDFRd - ok 22:49:43.0070 2892 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys 22:49:43.0070 2892 yukonwlh - ok 22:49:43.0117 2892 MBR (0x1B8) (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk0\DR0 22:49:44.0131 2892 \Device\Harddisk0\DR0 - ok 22:49:44.0162 2892 Boot (0x1200) (982265b7a820973067ff52eb95ab728a) \Device\Harddisk0\DR0\Partition0 22:49:44.0162 2892 \Device\Harddisk0\DR0\Partition0 - ok 22:49:44.0194 2892 Boot (0x1200) (69de3dbd00cab02b815691ed8e780ae1) \Device\Harddisk0\DR0\Partition1 22:49:44.0194 2892 \Device\Harddisk0\DR0\Partition1 - ok 22:49:44.0194 2892 ============================================================ 22:49:44.0194 2892 Scan finished 22:49:44.0194 2892 ============================================================ 22:49:44.0225 2516 Detected object count: 1 22:49:44.0225 2516 Actual detected object count: 1 22:50:06.0782 2516 sptd ( LockedFile.Multi.Generic ) - skipped by user 22:50:06.0782 2516 sptd ( LockedFile.Multi.Generic ) - User select action: Skip Zitat |
|
|
||
10.12.2011, 11:59
Member
Posts: 420 |
#8
Hope dies last. TDSSKiller found nothing; with a bit of luck aswMBR is only flagging because of Daemon.
1. DeFogger http://www.jpshortstuff.247fixes.com/Defogger.exe
Start the program and click "Disable".
Confirm with "Yes".
After the "Finished!" message, click "OK".
You will be asked to restart; confirm with "OK".
2. FixTDSS http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe
Start the program and click "Start".
Allow a restart if the program asks for one.
3. Please post a fresh aswMBR log.
As always, start all tools via right-click "Run as administrator"; the order should be followed. |
|
|
||
10.12.2011, 12:54
Member
Thread starter Posts: 42 |
#9
Message from TDSS Fix Tool 2.1.3 --- Backdoor.Tidserv has not been found on your computer
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-10 12:55:30
-----------------------------
12:55:30.330 OS Version: Windows 6.0.6002 Service Pack 2
12:55:30.330 Number of processors: 2 586 0x1706
12:55:30.330 ComputerName: CHRISTIANLED-PC UserName:
12:55:32.841 Initialize success
12:56:59.062 AVAST engine defs: 11120901
12:57:09.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:57:09.218 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
12:57:11.246 Disk 0 MBR read successfully
12:57:11.246 Disk 0 MBR scan
12:57:11.277 Disk 0 unknown MBR code
12:57:11.277 Disk 0 scanning sectors +625139704
12:57:11.386 Disk 0 scanning C:\Windows\system32\drivers
12:57:28.609 Service scanning
12:57:30.528 Modules scanning
12:57:36.986 Disk 0 trace - called modules:
12:57:37.002 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
12:57:37.017 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860a2ac8]
12:57:37.017 3 CLASSPNP.SYS[8ad9f8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858648d8]
12:57:38.187 AVAST engine scan C:\Windows
12:57:43.819 AVAST engine scan C:\Windows\system32
13:02:00.111 AVAST engine scan C:\Windows\system32\drivers
13:02:37.068 AVAST engine scan C:\Users\Christian Lederer
13:14:58.099 AVAST engine scan C:\ProgramData
13:18:01.430 Scan finished successfully
13:28:37.426 Disk 0 MBR has been saved successfully to "C:\Users\Christian Lederer\Desktop\BProtectus\MBR.dat"
13:28:37.442 The log file has been saved successfully to "C:\Users\Christian Lederer\Desktop\BProtectus\aswMBR2.txt"
This post was edited by CLedy on 10.12.2011 at 13:30.
|
|
|
||
10.12.2011, 14:37
Member
Posts: 420 |
#10
Good, it was only Daemon; this log is clean. Now we can get serious.
1. Now please follow this guide (to the letter) http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird and post the log. |
|
|
||
10.12.2011, 18:30
Member
Thread starter Posts: 42 |
#11
AntiVir raised an alert 3 times even though it was disabled. How is that possible??? All 3 times I clicked "trusted program".
ComboFix 11-12-10.01 - Christian Lederer 10.12.2011 17:49:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2040 [GMT 1:00]
ausgeführt von:: c:\users\Christian Lederer\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\Christian Lederer_2\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system
c:\users\Christian Lederer_2\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\Offisync-UserSettings.config
c:\users\Christian Lederer_2\AppData\Roaming\Microsoft Corporation\2007 Microsoft Office system\ostelbuf.dat
c:\windows\unin0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-10 bis 2011-12-10 ))))))))))))))))))))))))))))))
.
.
2011-12-10 17:06 . 2011-12-10 17:06 -------- d-----w- c:\users\Rickmers\AppData\Local\temp
2011-12-10 17:06 . 2011-12-10 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-10 17:06 . 2011-12-10 17:06 -------- d-----w- c:\users\Christian Lederer_2\AppData\Local\temp
2011-12-10 17:06 . 2011-12-10 17:09 -------- d-----w- c:\users\Christian Lederer\AppData\Local\temp
2011-12-10 16:32 . 2011-12-10 16:32 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C42D5BB-5E54-46D3-A348-A63BD81DA5F1}\offreg.dll
2011-12-09 09:59 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C42D5BB-5E54-46D3-A348-A63BD81DA5F1}\mpengine.dll
2011-12-08 09:12 . 2011-12-08 09:12 -------- d-----w- c:\users\Christian Lederer\AppData\Roaming\Malwarebytes
2011-12-08 09:11 . 2011-12-08 09:11 -------- d-----w- c:\programdata\Malwarebytes
2011-12-08 09:03 . 2011-12-08 09:03 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-12-08 09:03 . 2011-12-08 09:03 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-12-08 09:03 . 2011-12-08 09:03 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-12-08 09:03 . 2011-12-08 09:03 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-12-08 09:03 . 2011-12-08 09:03 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-12-08 09:03 . 2011-12-08 09:03 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-12-08 09:03 . 2011-12-08 09:03 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-12-08 09:03 . 2011-12-08 09:03 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-20 14:53 . 2011-11-20 14:53 -------- d-----w- c:\programdata\VS
2011-11-20 14:46 . 2011-11-20 14:46 -------- d-----w- c:\program files\Microsoft Silverlight
2011-11-20 14:43 . 2011-09-22 16:18 73064 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2011-11-20 14:43 . 2011-09-22 16:18 89960 ----a-w- c:\windows\system32\SQSRVRES.DLL
2011-11-16 19:50 . 2011-12-10 12:58 -------- d-----w- c:\users\Christian Lederer\AppData\Local\PokerStars
2011-11-16 19:50 . 2011-11-16 19:51 -------- d-----w- c:\program files\PokerStars
2011-11-14 07:50 . 2011-11-14 07:51 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-11-14 07:50 . 2011-11-14 07:50 -------- d-----w- c:\program files\DVDVideoSoft
2011-11-14 07:44 . 2011-11-14 07:52 -------- d-----w- c:\users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers
2011-11-13 17:57 . 2007-01-04 10:02 663552 ----a-w- c:\windows\system32\mgxoschk.dll
2011-11-13 08:05 . 2011-09-01 02:41 141088 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-11-13 08:05 . 2011-09-01 02:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-13 08:05 . 2011-09-01 02:26 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2011-11-13 08:05 . 2011-09-01 02:28 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-11-13 08:04 . 2011-09-01 02:35 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-13 08:04 . 2011-09-01 02:30 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-11-13 07:58 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-11-13 07:58 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-13 07:58 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-11-13 07:58 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-13 07:50 . 2011-11-13 07:50 -------- d-----w- c:\users\Christian Lederer\AppData\Local\ElevatedDiagnostics
2011-11-13 07:34 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-13 07:34 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-13 07:34 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-11 10:54 . 2011-11-20 08:35 -------- d-----w- c:\users\Christian Lederer\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 16:31 . 2011-10-28 02:26 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-06 11:01 . 2010-08-28 11:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-20 14:59 . 2011-04-12 05:31 207008 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1031\ResourceCache.dll
2011-11-14 18:56 . 2011-06-05 20:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-19 15:03 . 2011-10-28 02:26 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 15:03 . 2011-10-28 02:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-09-22 16:18 . 2011-09-22 16:18 2570088 ----a-w- c:\windows\system32\sqlncli10.dll
2011-09-22 16:10 . 2011-09-22 16:10 239592 ----a-w- c:\windows\system32\drivers\RsFx0104.sys
2011-09-22 16:10 . 2011-09-22 16:10 238696 ----a-w- c:\windows\system32\drivers\RsFx0105.sys
2011-09-22 14:42 . 2011-09-22 14:42 32616 ----a-w- c:\windows\system32\DTSPipelinePerf100.dll
2011-09-21 05:29 . 2011-09-21 05:29 161792 ----a-w- c:\windows\system32\msls31.dll
2011-09-21 05:29 . 2011-09-21 05:29 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-21 05:29 . 2011-09-21 05:29 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-09-21 05:29 . 2011-09-21 05:29 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-09-21 05:29 . 2011-09-21 05:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-09-21 05:29 . 2011-09-21 05:29 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-09-21 05:29 . 2011-09-21 05:29 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-09-21 05:29 . 2011-09-21 05:29 367104 ----a-w- c:\windows\system32\html.iec
2011-09-21 05:29 . 2011-09-21 05:29 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-21 05:29 . 2011-09-21 05:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-21 05:29 . 2011-09-21 05:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-09-21 05:29 . 2011-09-21 05:29 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-09-21 05:29 . 2011-09-21 05:29 152064 ----a-w- c:\windows\system32\wextract.exe
2011-09-21 05:29 . 2011-09-21 05:29 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-09-21 05:29 . 2011-09-21 05:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-21 05:29 . 2011-09-21 05:29 11776 ----a-w- c:\windows\system32\mshta.exe
2011-09-21 05:29 . 2011-09-21 05:29 101888 ----a-w- c:\windows\system32\admparse.dll
2011-09-21 05:29 . 2011-09-21 05:29 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-20 16:22 . 2011-09-20 16:22 1138440 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-08 09:03 . 2011-12-08 09:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Christian Lederer\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-22 7289376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"TrayServer"="c:\progra~1\MAGIX\FILME_~1\TrayServer.exe" [2008-01-17 90112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Christian Lederer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Christian Lederer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2008-02-02 00:19 58656 ----a-w- c:\program files\Nuance\PDF Professional 5\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2008-02-02 00:20 795936 ----a-w- c:\program files\Nuance\PDF Professional 5\PdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"EPSON Stylus D92 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "c:\users\CHRIST~1\AppData\Local\Temp\E_S7C12.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Professional 5\Ereg\Ereg.ini"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"TrayServer"=c:\program files\MAGIX\Filme_auf_DVD_9\TrayServer.exe
.
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [2010-07-27 135168]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BMserDiag;Global Wireless Application Port2;c:\windows\system32\DRIVERS\BMserDiag.sys [2009-11-26 87424]
R3 BMserNmea;Global Wireless Application Port3;c:\windows\system32\DRIVERS\BMserNmea.sys [2009-11-26 87424]
R3 BMusbmdm;Global Wireless USB Driver;c:\windows\system32\DRIVERS\BMusbmdm.sys [2009-11-26 87424]
R3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\DRIVERS\cm_ser.sys [2010-07-10 103680]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2009-12-17 103424]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser6k;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser6k.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-03-16 17408]
R3 RTL2831UBDA;REALTEK 2831U BDA Driver;c:\windows\system32\drivers\RTL2831UBDA.sys [2008-08-21 94112]
R3 RTL2831UUSB;REALTEK 2831U USB Driver;c:\windows\system32\Drivers\RTL2831UUSB.sys [2008-08-21 32800]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-10-26 93344]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-10-26 32800]
R3 SL2Usb;SL2 Driver;c:\windows\system32\Drivers\SL2Usb.sys [2011-01-18 46200]
R3 SL2UsbNoSSL;SL2 Driver No SSL;c:\windows\system32\Drivers\SL2UsbNoSSL.sys [2011-01-18 46200]
R3 strmdrvl;Rane SL 2;c:\windows\system32\Drivers\strmdrvl.sys [2011-03-14 34376]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2009-07-22 136496]
R4 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2009-07-22 99632]
R4 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 47128]
R4 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-02 144672]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-05 697328]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-12-08 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-19 463824]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2009-07-22 5760]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2009-07-22 8576]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-09-16 1526080]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-21 3663360]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-07-22 44576]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-10 c:\windows\Tasks\User_Feed_Synchronization-{3251C32D-4FEE-41CD-B081-78DC39EF160C}.job
- c:\windows\system32\msfeedssync.exe [2011-09-21 05:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Mit Nuance PDF Converter 5.0 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Christian Lederer\AppData\Roaming\Mozilla\Firefox\Profiles\4fydp7rl.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.xul.error_pages.enabled - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 18:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
c:\program files\Avira\AntiVir Desktop\checkt.exe [3176] 0x85AC5BD0
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-10 18:16:13
ComboFix-quarantined-files.txt 2011-12-10 17:15
.
Vor Suchlauf: 11 Verzeichnis(se), 62.331.621.376 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 70.718.529.536 Bytes frei
.
- - End Of File - - 1C179BD3D2B065D258C7AB599153BD44 |
|
|
||
10.12.2011, 19:25
Member
Posts: 420 |
#12
Good question; sometimes AntiVir only acts as if it had switched itself off, and sometimes even as if it had uninstalled itself.
Combofix did not bring anything dramatic to light; it looks as if Malwarebytes did most of the work.
1. TFC http://www.geekstogo.com/forum/files/download/187-tfc-temp-file-cleaner-by-oldtimer/ Start the program and click "Start". It will clean up temporary folders.
2. Final scan with Eset: http://www.eset.de/onlinescanner (the browser should be started as administrator for this). After the scan has finished, please post the log, normally found at C:\Programme\Eset\EsetOnlineScanner\log.txt
3. How is the computer doing? |
|
|
||
11.12.2011, 08:59
Member
Thread starter Posts: 42 |
#13
So, and here is the final log.
ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=f09b0152428af041b4c0e06e21684b85 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-10 11:49:02 # local_time=2011-12-11 12:49:02 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 3780481 3780481 0 0 # compatibility_mode=5892 16776573 100 100 18139 161081998 0 0 # compatibility_mode=8192 67108863 100 0 4041 4041 0 0 # scanned=314320 # found=1 # cleaned=1 # scan_time=11672 C:\Users\Christian Lederer\Desktop\Downloads\Anwendungen\installer_adobe_photoshop_cs2_1_0_21_Deutsch.exe Win32/Toggle Anwendung (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C |
|
|
||
11.12.2011, 11:45
Member
Posts: 420 |
#14
Quote: installer_adobe_photoshop_cs2_1_0_21_Deutsch.exe
Hands off that kind of thing; it says installer on the label, but there isn't one inside. And if there had been one inside, it would have been illegal. How is the computer doing? |
|
|
||
11.12.2011, 22:20
Member
Thread starter Posts: 42 |
#15
I have to agree with you there: hands off. I will take that to heart! The computer is doing fine so far. The load is okay, so I think we have solved the problem, what do you think???
|
|
|
||
I have reduced the autostart programs to a minimum. The Internet connection works without problems; this thread is solely about the computer's performance. I believe something is running in the background, which worries me a great deal.
About 3 weeks ago my email account at GMX was blocked because it had been used for spam. However, I only open my emails via Outlook.
The virus scanner has not raised an alert so far!!!
OTL ran without problems; while running gmer, the computer shut down unexpectedly after about 4 hours.
Please help, and thanks in advance!!!
CLedy
OTL logfile created on: 07.12.2011 13:46:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Christian Lederer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,32% Memory free
6,19 Gb Paging File | 4,95 Gb Available in Paging File | 79,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 59,52 Gb Free Space | 41,31% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 68,72 Gb Free Space | 47,73% Space Free | Partition Type: NTFS
Drive E: | 1,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: CHRISTIANLED-PC | User Name: Christian Lederer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011.12.07 13:43:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian Lederer\Desktop\OTL.exe
PRC - [2011.11.17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Christian Lederer\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.10.19 16:03:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.10.19 16:02:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.10.19 16:02:32 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.16 15:51:28 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.09.16 15:48:46 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.07.27 15:21:58 | 000,135,168 | ---- | M] () -- C:\Windows\System32\ChgService.exe
PRC - [2010.04.15 09:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.02.02 01:20:40 | 000,795,936 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2006.04.18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2011.02.09 01:56:38 | 000,296,448 | ---- | M] () -- D:\Joomla\Notepad++\NppShell_04.dll
MOD - [2010.11.17 20:08:02 | 000,075,048 | ---- | M] () -- C:\Program Files\FILEminimizer Pictures\FILEMShell.dll
MOD - [2010.08.15 23:08:44 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2011.11.20 09:39:30 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011.10.19 16:02:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:02:35 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.19 16:02:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.10.19 16:02:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.16 15:48:46 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.05.13 16:52:43 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.07.27 15:21:58 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.22 09:16:50 | 000,099,632 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Windows\System32\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV - [2009.07.22 09:16:48 | 000,136,496 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV - [2009.02.06 16:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.05.23 13:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 12:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.02.02 01:20:34 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.04.18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011.10.19 16:03:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:03:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.22 17:10:34 | 000,238,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0105.sys -- (RsFx0105)
DRV - [2011.03.14 20:05:50 | 000,034,376 | ---- | M] (Rane Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\strmdrvl.sys -- (strmdrvl)
DRV - [2011.01.18 14:16:40 | 000,046,200 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SL2Usb.sys -- (SL2Usb)
DRV - [2011.01.18 14:16:36 | 000,046,200 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SL2UsbNoSSL.sys -- (SL2UsbNoSSL)
DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.10.05 17:28:59 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.07.10 10:13:01 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.29 14:20:15 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.04.29 14:20:15 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.03.16 18:53:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.12.17 10:56:04 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2009.11.26 08:32:46 | 000,087,424 | ---- | M] (Global Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BMusbmdm.sys -- (BMusbmdm)
DRV - [2009.11.26 08:32:46 | 000,087,424 | ---- | M] (Global Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BMserNmea.sys -- (BMserNmea)
DRV - [2009.11.26 08:32:46 | 000,087,424 | ---- | M] (Global Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BMserDiag.sys -- (BMserDiag)
DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.07.22 18:13:07 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.22 09:11:44 | 000,005,760 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KeyAgent.sys -- (KeyAgent)
DRV - [2009.07.22 09:11:18 | 000,048,000 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AppleHFS.sys -- (AppleHFS)
DRV - [2009.07.22 09:11:18 | 000,005,120 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AppleMNT.sys -- (AppleMNT)
DRV - [2009.07.22 09:11:14 | 000,008,576 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.08.21 07:15:50 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2831UUSB.sys -- (RTL2831UUSB)
DRV - [2008.08.21 07:15:44 | 000,094,112 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2831UBDA.sys -- (RTL2831UBDA)
DRV - [2008.07.30 06:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.06.09 15:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.21 03:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.05.07 07:09:20 | 000,125,200 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.03.01 12:12:16 | 000,075,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2007.03.01 12:12:16 | 000,058,368 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP210x USB Composite Device driver (WDM)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004.01.28 15:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.13 16:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.13 16:27:59 | 000,000,000 | ---D | M]
[2010.04.17 17:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian Lederer\AppData\Roaming\mozilla\Extensions
[2011.12.07 09:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian Lederer\AppData\Roaming\mozilla\Firefox\Profiles\4fydp7rl.default\extensions
[2011.11.14 08:52:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian Lederer\AppData\Roaming\mozilla\Firefox\Profiles\4fydp7rl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.11 13:08:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Christian Lederer\AppData\Roaming\mozilla\Firefox\Profiles\4fydp7rl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.09.21 07:49:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.22 09:25:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.04.22 00:24:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.13 16:27:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.13 16:27:57 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.13 16:27:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.13 16:27:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.13 16:27:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Filme_auf_DVD_9\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Christian Lederer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Mit Nuance PDF Converter 5.0 öffnen - C:\Program Files\Nuance\PDF Professional 5\cnvres_ger.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Christian Lederer\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Christian Lederer\Desktop\PartyPoker.lnk ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A79D647-452D-4F37-88B7-A059A108771D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFF482C3-B75F-40E7-A58B-6623653533B2}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\imfrmwrk.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\isuspm.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ncc.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdfdirect.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdfplus.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\pdfrouter.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04bc4a68-2969-11e0-96cb-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{04bc4a68-2969-11e0-96cb-001e101fabdd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{456ad7f9-2838-11e0-b592-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{456ad7f9-2838-11e0-b592-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{51ea7d5c-4ad2-11e0-a257-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{51ea7d5c-4ad2-11e0-a257-001fe2fc84f8}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7f181251-a38b-11e0-8144-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{7f181251-a38b-11e0-8144-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{eeaa6868-38e2-11e0-bf28-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{eeaa6868-38e2-11e0-bf28-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\.\Windows_ShowModem.exe
O33 - MountPoints2\{fc7e178c-4a24-11df-af3e-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{fc7e178c-4a24-11df-af3e-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{fc7e1796-4a24-11df-af3e-001fe2fc84f8}\Shell - "" = AutoRun
O33 - MountPoints2\{fc7e1796-4a24-11df-af3e-001fe2fc84f8}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing LP)
MsConfig - StartUpFolder: C:^Users^Christian Lederer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe - (Nikon Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - File not found
MsConfig - StartUpReg: PDF5 Registry Controller - hkey= - key= - C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PDFHook - hkey= - key= - C:\Program Files\Nuance\PDF Professional 5\PdfPro5Hook.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011.12.07 13:44:52 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\Desktop\BProtectus
[2011.12.07 13:43:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Christian Lederer\Desktop\OTL.exe
[2011.12.03 16:54:49 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\Desktop\Musik für Heike
[2011.11.20 15:58:18 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\Documents\Visual Studio 2010
[2011.11.20 15:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2011.11.20 15:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.11.20 15:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.11.16 20:50:47 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\AppData\Local\PokerStars
[2011.11.16 20:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
[2011.11.16 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011.11.14 19:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2011.11.14 08:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.11.14 08:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.11.14 08:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.11.14 08:44:57 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.14 08:42:20 | 079,982,323 | ---- | C] (Daslight ) -- C:\Users\Christian Lederer\Desktop\DVC2_setup.exe
[2011.11.13 19:00:26 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\Desktop\HEIKE
[2011.11.13 18:57:59 | 000,663,552 | ---- | C] (MAGIX AG) -- C:\Windows\System32\mgxoschk.dll
[2011.11.13 08:50:39 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\AppData\Local\ElevatedDiagnostics
[2011.11.11 11:54:34 | 000,000,000 | ---D | C] -- C:\Users\Christian Lederer\AppData\Local\Akamai
[2011.03.10 14:28:10 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2011.03.10 14:28:10 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011.12.07 13:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3251C32D-4FEE-41CD-B081-78DC39EF160C}.job
[2011.12.07 13:44:50 | 000,314,071 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.07 13:43:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian Lederer\Desktop\OTL.exe
[2011.12.07 13:30:22 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.07 13:30:22 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.07 12:47:06 | 000,314,071 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.07 12:47:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.05 20:14:40 | 000,758,402 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.05 20:14:40 | 000,716,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.05 20:14:40 | 000,178,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.05 20:14:40 | 000,151,010 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.05 17:05:19 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.05 16:49:24 | 000,188,928 | ---- | M] () -- C:\Users\Christian Lederer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 22:13:36 | 011,292,340 | ---- | M] () -- C:\Users\Christian Lederer\Desktop\Avenue d'Electronique - Neue Welt (Ariane) - final.mp3
[2011.11.24 22:04:48 | 016,254,560 | ---- | M] () -- C:\Users\Christian Lederer\Desktop\Avenue d'Electronique - Fern Dieser Zeit (Ariane) - final.mp3
[2011.11.20 17:16:26 | 000,414,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.14 19:56:28 | 000,001,651 | ---- | M] () -- C:\Users\Christian Lederer\Desktop\PartyPoker.lnk
[2011.11.13 10:10:15 | 079,982,323 | ---- | M] (Daslight ) -- C:\Users\Christian Lederer\Desktop\DVC2_setup.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011.12.03 16:34:52 | 003,373,524 | ---- | C] () -- C:\Users\Christian Lederer\Desktop\PRO VICTORIA.mp3
[2011.12.03 16:08:59 | 011,292,340 | ---- | C] () -- C:\Users\Christian Lederer\Desktop\Avenue d'Electronique - Neue Welt (Ariane) - final.mp3
[2011.12.03 16:08:57 | 016,254,560 | ---- | C] () -- C:\Users\Christian Lederer\Desktop\Avenue d'Electronique - Fern Dieser Zeit (Ariane) - final.mp3
[2011.11.14 19:56:28 | 000,001,651 | ---- | C] () -- C:\Users\Christian Lederer\Desktop\PartyPoker.lnk
[2011.06.27 07:24:36 | 000,000,026 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.06.24 04:36:38 | 000,073,832 | ---- | C] () -- C:\Windows\System32\SuperFrameSplitter.dll
[2011.06.24 04:36:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RTKDABMWare.dll
[2011.05.19 15:38:22 | 000,494,664 | ---- | C] () -- C:\Windows\System32\RaneAsioSL2.dll
[2011.05.13 05:38:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.13 05:38:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.04.12 15:09:09 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2011.03.21 07:35:48 | 000,000,119 | -HS- | C] () -- C:\Windows\cnerolf.dat
[2011.03.12 06:45:29 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.03.10 14:28:16 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2011.03.10 14:28:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2011.03.10 14:28:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2011.03.10 14:28:15 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2011.03.10 14:28:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.03.10 14:28:12 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2011.03.10 14:28:11 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2011.03.10 14:28:10 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2011.03.10 14:28:10 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2011.03.10 14:28:09 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2011.03.10 14:28:07 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2011.03.10 14:28:06 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2011.03.10 14:28:06 | 000,000,626 | ---- | C] () -- C:\Windows\HotFixList.ini
[2011.03.10 14:28:06 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2011.03.10 14:28:06 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2011.02.15 16:19:04 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ChgService.exe
[2011.01.05 15:35:41 | 000,000,136 | ---- | C] () -- C:\Users\Christian Lederer\AppData\Roaming\default.rss
[2010.10.08 19:00:47 | 000,188,928 | ---- | C] () -- C:\Users\Christian Lederer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.08 16:08:18 | 000,061,977 | ---- | C] () -- C:\Windows\uninstall_Wonderful Madeira.ini
[2010.05.21 12:42:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.05.12 07:37:33 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010.04.29 14:20:15 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.04.29 14:20:15 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.04.23 10:18:54 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.04.19 15:49:04 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.19 14:56:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.04.19 14:45:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Drivers
[2010.04.19 14:45:32 | 000,000,268 | RH-- | C] () -- C:\Users\Christian Lederer\AppData\Roaming\Logs
[2010.04.19 14:45:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010.04.19 14:36:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations
[2010.04.19 14:36:57 | 000,000,268 | RH-- | C] () -- C:\Users\Christian Lederer\AppData\Roaming\Light Machine
[2010.04.19 14:36:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.04.18 10:36:40 | 000,314,071 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.04.18 10:36:28 | 000,314,071 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.17 14:32:36 | 000,000,680 | ---- | C] () -- C:\Users\Christian Lederer\AppData\Local\d3d9caps.dat
[2010.04.17 14:25:57 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.07.22 09:16:48 | 000,136,496 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe
[2009.06.19 13:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 13:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.01.21 08:15:58 | 000,758,402 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,178,428 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.01 19:19:15 | 000,098,304 | ---- | C] () -- C:\Windows\System32\fs2cchk4.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,414,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,716,224 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,151,010 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.10.28 15:38:10 | 000,315,728 | ---- | C] () -- C:\Windows\System32\flt1chk3.dll
[color=#E56717]========== LOP Check ==========[/color]
[2010.10.04 08:03:45 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Alnera
[2011.05.14 10:50:25 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Amazon
[2011.06.30 02:33:07 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\CherSoft
[2010.04.26 20:23:03 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\DAEMON Tools Pro
[2011.11.14 12:26:51 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoft
[2011.11.14 08:52:01 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.02 08:08:48 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\FILEminimizerPictures
[2011.05.17 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\FileZilla
[2010.10.21 12:52:46 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Inkscape
[2010.04.19 15:53:42 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\MAGIX
[2010.11.22 17:50:58 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Nikon
[2011.04.11 11:20:15 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Notepad++
[2011.01.27 20:18:46 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\phonostar-Player
[2010.04.28 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\ProtectDisc
[2011.06.01 07:44:35 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\TeamViewer
[2011.10.01 21:36:04 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\TuneUp Software
[2010.12.11 21:39:25 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\UClick
[2011.04.12 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Valuga Software
[2010.10.08 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Christian Lederer\AppData\Roaming\Zeon
[2011.12.05 17:05:20 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.07 13:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3251C32D-4FEE-41CD-B081-78DC39EF160C}.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.10.18 21:21:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.27 12:53:50 | 000,000,000 | ---D | M] -- C:\Archivos de programa
[2011.05.13 19:57:41 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.06 12:03:35 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.11.30 18:29:26 | 000,000,000 | ---D | M] -- C:\coolspot AG
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.04.17 14:29:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.04.18 10:17:25 | 000,000,000 | ---D | M] -- C:\Intel
[2010.04.22 15:51:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.01.27 02:02:47 | 000,000,000 | -H-D | M] -- C:\ONWERETETR.exe
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.06 12:03:28 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.21 23:23:28 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.04.17 14:29:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.14 19:55:55 | 000,000,000 | ---D | M] -- C:\Programs
[2010.12.05 10:04:01 | 000,000,000 | ---D | M] -- C:\SiLabs
[2011.12.07 13:51:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.18 21:21:18 | 000,000,000 | R--D | M] -- C:\Users
[2011.03.19 18:41:40 | 000,000,000 | ---D | M] -- C:\VistaMare
[2011.12.01 22:07:53 | 000,000,000 | ---D | M] -- C:\Windows
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
"NoAutoUpdate" = 0
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-25 09:17:56
< End of report >
OTL Extras logfile created on: 07.12.2011 13:46:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Christian Lederer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,32% Memory free
6,19 Gb Paging File | 4,95 Gb Available in Paging File | 79,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 59,52 Gb Free Space | 41,31% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 68,72 Gb Free Space | 47,73% Space Free | Partition Type: NTFS
Drive E: | 1,11 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: CHRISTIANLED-PC | User Name: Christian Lederer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01431308-89C1-44F0-BF7A-F1DCC6865D1D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{06BEB139-8449-48D6-9D08-0C7CC907AAA2}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{07AF73AB-2633-495C-B4D4-9C60B3D83D1D}" = lport=139 | protocol=6 | dir=in | app=system |
"{14CBF368-AB31-405E-BE6A-D9B6BF8D5DA9}" = lport=138 | protocol=17 | dir=in | app=system |
"{1690C266-6CB2-412B-B534-04F4F9C2A996}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{19A418AE-1304-4637-AD04-3206A1781DB5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A9AF1B4-D1EB-4D72-A16B-A06F801C81A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3AAC7F30-DBE1-450E-9503-35073CBC9FD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D531F52-9ED7-4AC3-8B02-666ED9544920}" = rport=10243 | protocol=6 | dir=out | app=system |
"{519120C7-FDC8-4658-86BB-422E4AE4CAA3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{51BE485E-53D1-49D9-BC47-F1C1113FB819}" = rport=139 | protocol=6 | dir=out | app=system |
"{55F32837-B333-4E6E-A7AB-2D4197B26389}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5936F2B6-B70F-4069-BBE2-113AC3967B1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62EDBC6A-7456-4EC9-B4FD-0C06E9D1DB3B}" = lport=137 | protocol=17 | dir=in | app=system |
"{63872D1F-0C71-4B56-8E51-962740BC44D8}" = rport=445 | protocol=6 | dir=out | app=system |
"{721EEF22-DED1-46ED-8F17-E2B021548DB0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{766239DD-9A97-40B4-ADFE-53E3AEC49330}" = lport=445 | protocol=6 | dir=in | app=system |
"{7C44E6E5-D3B2-45AD-A892-2D217C88114C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8592AD82-9945-4F64-B596-3B9D87E56760}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{877F92B5-7AF0-499B-ACB4-463F7D31A80B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{96E7DD9E-52D6-4716-AF49-21898743EB2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9751C85E-5286-4843-BBDB-C63A6A3E088C}" = lport=63999 | protocol=6 | dir=in | name=akamai netsession interface |
"{9D1BB53D-F90E-428A-B83D-DADC159763B1}" = rport=138 | protocol=17 | dir=out | app=system |
"{A10E7E07-3861-473F-9490-FD6D4C357970}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A691DD06-D4CC-49D9-A188-0D41B02985F6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B934CF7C-19F3-4457-87AC-B6BC50CD2FD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD77AE7C-A538-4DB1-8F27-08999B9ED199}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFAA6082-4E1D-4420-8D59-233A08F16F7C}" = lport=32062 | protocol=17 | dir=in | name=fsinn |
"{C313E8AD-DF89-4625-A733-51B0FDD48EFB}" = rport=137 | protocol=17 | dir=out | app=system |
"{C47C6749-9BAB-4B34-AA6D-E476E8EF1E09}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{C6C5CC41-4809-4124-B94F-081DAF0EEFEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E997635C-D979-4A3B-827E-B46BC2529894}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E9977BCC-5A8D-4787-9CFF-E73AB1D94F66}" = lport=10243 | protocol=6 | dir=in | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B55C33-ECD7-44BF-AC6B-6068AF4CD29A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{05282E40-3227-4569-B8B0-85171792202D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B2A84F8-94E0-454D-907A-5844FE9E84C6}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{0D188856-5A03-4BB7-8C70-E7A4DC907E91}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{18E5A894-AEB4-4982-9959-AA8C49DD2723}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1974FD44-CFD2-43E0-A228-6D56A1DAFA25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DC9C853-8C8D-4144-8C76-B78448CA733F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{2402FC5F-BBEE-4F1B-919F-F84B1A237BEE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B433FEB-7442-4F6E-B814-C8D230B4C610}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4E259B9E-81FC-45BA-891C-B173DDDB56C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{55264589-6F72-4051-BA44-0BFC98C82CBA}" = protocol=6 | dir=out | app=system |
"{571B34EE-8514-4C55-BBA2-2D8820A4A989}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5B51C56A-49A6-4571-B537-3AA59458F7A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{60F9A68A-E5D0-4276-B540-C134B665A12A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{646BC69B-16D9-44D6-9BF7-C15C7BA050B4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{664092E1-3E69-49C2-A780-4BD9FDBE7DFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{726B8EC9-A4F3-4F36-B3E2-F900CB56CB96}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{785C2166-C74E-450C-B8B4-2B5184C2BAB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{804ECC22-B403-4B7C-87E6-543C1A082FB3}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{820B60A9-DE19-4EC0-9C44-B485BD673193}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{888CDF3A-47AD-48D7-B323-EB91F4612AAD}" = protocol=17 | dir=in | app=c:\users\christian lederer\appdata\local\akamai\netsession_win.exe |
"{88F630AE-1D0C-408E-B01F-049F70A5BBA5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9BEEBA3A-B45C-48BD-B723-F3BAFECD6556}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ABC4864F-0AB6-4DB9-B1B9-D0D3F31C71FA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{B08A7A1E-2044-4685-BC66-7EFEF69FEBD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C25787DD-05E4-466C-959C-EC2614F1574B}" = protocol=6 | dir=in | app=c:\users\christian lederer\appdata\local\akamai\netsession_win.exe |
"{C7388D2B-1916-4371-8EBB-7DF09EE61994}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{D7AF9381-5AD2-45EB-9968-4256C7EE46E0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DEDE359D-D7E3-41A3-9EB9-9BD0554D6F7F}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E52A669C-4042-4E3A-8EF6-C8330DD7A409}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EA50D40F-4845-4929-BF53-DEF6B1D4F27F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE89DB84-93D9-4BAE-973E-0CD9A98EADA4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F329F406-C1CA-4BCE-97F8-C01C4FB98727}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F48F4517-1B34-4F37-9149-9826F700C2B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F98A340E-C96C-4613-8F18-C9FE4382F86C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FDCA32CA-24B0-4941-BBA1-10A34A653EC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{12AB634B-AB97-49C0-9E1E-AE63D6F43F55}D:\cs\hl.exe" = protocol=6 | dir=in | app=d:\cs\hl.exe |
"TCP Query User{4835E2EA-936E-47F9-8DCF-56B10BA0742D}C:\users\christian lederer\appdata\local\mobione studio\mobione 1.1.3\mobione.exe" = protocol=6 | dir=in | app=c:\users\christian lederer\appdata\local\mobione studio\mobione 1.1.3\mobione.exe |
"TCP Query User{4DB2BA52-0C7C-47FB-BFFB-66974852C30B}C:\program files\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_olect.exe |
"TCP Query User{5792BB78-101F-4961-8986-7E08C6767E39}F:\anwendungen\wiki\zenoreader.exe" = protocol=6 | dir=in | app=f:\anwendungen\wiki\zenoreader.exe |
"TCP Query User{5B4575E6-E8C5-4E0B-884D-A9869B0151B7}D:\flugsimulator\fsfdt\fwinn\fwinn.exe" = protocol=6 | dir=in | app=d:\flugsimulator\fsfdt\fwinn\fwinn.exe |
"TCP Query User{65921FC7-7857-4BAF-8917-B06E7FF1C571}D:\spiele\motogp ii\motogp2.exe" = protocol=6 | dir=in | app=d:\spiele\motogp ii\motogp2.exe |
"TCP Query User{65B44129-FB03-4877-A418-0EFF82C1ABE8}D:\cs\hltv.exe" = protocol=6 | dir=in | app=d:\cs\hltv.exe |
"TCP Query User{69C13A5E-AE7D-4493-838F-E1D8D25312AB}D:\flugsimulator\fsfdt\fwinn\fwinn.exe" = protocol=6 | dir=in | app=d:\flugsimulator\fsfdt\fwinn\fwinn.exe |
"TCP Query User{77864EBC-6F74-47A3-B02F-A92A0C635CD0}E:\dvdcdsharing\remoteinstallmacosx.exe" = protocol=6 | dir=in | app=e:\dvdcdsharing\remoteinstallmacosx.exe |
"TCP Query User{893037B8-7566-47DC-85B0-771CC7DF2E13}C:\users\christian lederer\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\christian lederer\appdata\local\akamai\netsession_win.exe |
"TCP Query User{8F865E95-9156-47FE-A602-A560450CCE10}F:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=f:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe |
"TCP Query User{9B66F0CD-EF3E-4537-87E5-FF6A395D89C8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A97465F3-4FFB-4BF9-84FE-A9E3C5091ABF}D:\flugsimulator\fsfdt\control panel\fsfdtcp.exe" = protocol=6 | dir=in | app=d:\flugsimulator\fsfdt\control panel\fsfdtcp.exe |
"TCP Query User{ABC241B5-E939-4A3E-AB45-C06EBD56BA26}D:\flugsimulator\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=d:\flugsimulator\flight simulator 9\fs9.exe |
"TCP Query User{AC6CD6E0-18EB-4A2A-A405-85FB401B1E03}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B4E545D9-1EB7-401E-8B15-DD25CA38290B}D:\flugsimulator\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=d:\flugsimulator\flight simulator 9\fs9.exe |
"TCP Query User{BD9F3800-CBCC-48FE-A3E7-B4380F88804F}I:\spiele\spiele\srs racing\bin\srs.exe" = protocol=6 | dir=in | app=i:\spiele\spiele\srs racing\bin\srs.exe |
"TCP Query User{C69E92F6-8B32-487F-BFDB-6E816EF5D26F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D581B578-EDDC-4378-80E3-C342098923AC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F27EA181-EE61-458B-BC8F-2758A7F17684}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{F90D809C-1717-45B0-997F-C30565A586E0}F:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe" = protocol=6 | dir=in | app=f:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe |
"TCP Query User{FA655F07-033E-464A-BF52-32BF00CA6914}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{FDD68F27-37B3-414D-BBFF-B0BECB13D027}D:\flugsimulator\fsfdt\control panel\fsfdtcp.exe" = protocol=6 | dir=in | app=d:\flugsimulator\fsfdt\control panel\fsfdtcp.exe |
"UDP Query User{0B318B0B-5D50-4B07-893A-75C1AD9D6F47}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{154A7964-0634-4E38-B2BC-684B19C39E8A}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{18C7C941-CC1B-4480-AC4D-252CD8EF7ACC}D:\cs\hl.exe" = protocol=17 | dir=in | app=d:\cs\hl.exe |
"UDP Query User{34D5A5F9-C4FC-43F0-BAA0-B429501F0134}F:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=f:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe |
"UDP Query User{41B71F4C-9835-4B3B-8AAC-D583176A9AB0}D:\cs\hltv.exe" = protocol=17 | dir=in | app=d:\cs\hltv.exe |
"UDP Query User{491CD6A9-CBF5-4C33-9A63-B9283F74D51F}I:\spiele\spiele\srs racing\bin\srs.exe" = protocol=17 | dir=in | app=i:\spiele\spiele\srs racing\bin\srs.exe |
"UDP Query User{4E36DBEF-E726-48E8-9053-6ACFD16C1323}C:\program files\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_olect.exe |
"UDP Query User{5734EE33-FE95-44EB-9664-0700D523D2F2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{59C9A8FF-29F7-4548-877E-83D75BD819B1}D:\flugsimulator\fsfdt\control panel\fsfdtcp.exe" = protocol=17 | dir=in | app=d:\flugsimulator\fsfdt\control panel\fsfdtcp.exe |
"UDP Query User{5AE37C8D-BA2C-444D-9A40-14DF313DF864}D:\flugsimulator\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=d:\flugsimulator\flight simulator 9\fs9.exe |
"UDP Query User{61453A6B-24B3-423E-B133-16FD66DC4AD2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{6940265F-0EA5-48F2-A244-C18460F195A5}D:\flugsimulator\fsfdt\fwinn\fwinn.exe" = protocol=17 | dir=in | app=d:\flugsimulator\fsfdt\fwinn\fwinn.exe |
"UDP Query User{79D3DFB6-79B1-4268-B9DC-AD9F795C6136}C:\users\christian lederer\appdata\local\mobione studio\mobione 1.1.3\mobione.exe" = protocol=17 | dir=in | app=c:\users\christian lederer\appdata\local\mobione studio\mobione 1.1.3\mobione.exe |
"UDP Query User{7F1FA9B9-6F1D-435D-9389-416243EEF6E3}D:\flugsimulator\fsfdt\fwinn\fwinn.exe" = protocol=17 | dir=in | app=d:\flugsimulator\fsfdt\fwinn\fwinn.exe |
"UDP Query User{875CFC8C-251B-465D-8B0A-487BFD83F1E5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8F295A4D-F656-479B-8F16-810965B31A57}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A3410475-9832-43C9-8879-D9E90A2098E0}F:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=f:\spiele\spiele\microsoft games\microsoft flightsimulator\flugsimulator\flight simulator 9\fs9.exe |
"UDP Query User{B1F4DBDD-CB8F-4CE1-8C02-46EE8C392DFA}F:\anwendungen\wiki\zenoreader.exe" = protocol=17 | dir=in | app=f:\anwendungen\wiki\zenoreader.exe |
"UDP Query User{B736E8D7-1E5A-4E90-8329-26D7C6B594D0}C:\users\christian lederer\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\christian lederer\appdata\local\akamai\netsession_win.exe |
"UDP Query User{BD5DCA25-F2A7-4E16-B918-2B6C1DE707B6}E:\dvdcdsharing\remoteinstallmacosx.exe" = protocol=17 | dir=in | app=e:\dvdcdsharing\remoteinstallmacosx.exe |
"UDP Query User{BFF57733-7220-4A54-ABE1-31F5174C6CB2}D:\flugsimulator\flight simulator 9\fs9.exe" = protocol=17 | dir=in | app=d:\flugsimulator\flight simulator 9\fs9.exe |
"UDP Query User{C1FE995C-BF57-463E-8248-B4CCA986BDAF}D:\spiele\motogp ii\motogp2.exe" = protocol=17 | dir=in | app=d:\spiele\motogp ii\motogp2.exe |
"UDP Query User{DE6BD1BD-0C97-4944-8E02-98A964E1F14B}D:\flugsimulator\fsfdt\control panel\fsfdtcp.exe" = protocol=17 | dir=in | app=d:\flugsimulator\fsfdt\control panel\fsfdtcp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02F211DA-568C-4E90-A7CC-DE7CDEAA2FA5}_is1" = Das Wein-Imperium 1.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0705EEB6-2F15-4D19-B37D-84C953E93D18}" = aerosoft's - German Airports 2 X - FS2004
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D205BAC-3B16-4770-9BBD-FF5F0BEDA193}" = aerosoft's - MyTraffic 2006
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0FC39141-1BB8-4C29-9D74-A6710131B74F}" = aerosoft's - Madrid 2008
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1C80DD6F-0BFF-4177-97E0-4A2DD831FD62}" = aerosoft's - German Airports 1 Bundle - FS2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A231800-A7CF-4223-B8A3-1FD9057BAE96}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{34BDC9DA-9320-491C-AA40-B0D98A0EBA9C}" = aerosoft's - Mega Airport Frankfurt - FS2004
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}" = Microsoft SQL Server 2008 Native Client
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57BB52B7-6B7B-31F3-89F4-4EE8FE5CEF6D}" = Microsoft Help Viewer 1.1
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5AEB54C5-FF4A-4CCF-A51C-BB9C3DD56E05}" = aerosoft's - France 2 - FS2004
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{6022B4FC-4698-4A62-B9FD-54809A9E06F8}" = MPM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{68ACDE46-2B55-4CD3-981F-4816998AC5D0}" = aerosoft's - German Airports 4 Bundle - FS2004
"{6AF1A4E5-0166-4496-AE31-1D66EBD96FF7}" = OffiSync
"{6C06AC26-DBD1-46E5-9863-33E7633566E5}" = ActiveSky Version 6 and ActiveSky Graphics
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{8133D88C-C6F0-4D1A-962E-C3F57D0AB117}" = ODF Add-in for Microsoft Office
"{82BEEB3F-D0BF-42EE-8739-F4827C4805B7}" = VirtualDJ PRO Full
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7B4ACF2-5A81-44F4-8253-9211A3B8AFA8}-FS2004" = aerosoft's - Wonderful Madeira - FS2004
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA755AA7-B941-48A0-828C-7F43975E3EDE}_is1" = XAcars for Microsoft Flightsimulator
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AD9B3D15-8C5E-4E32-BF82-4D5556B9CFA3}" = aerosoft's - Balearen-Gibraltar - FS2004
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp-Dienste
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{C05BC4CD-C001-37E7-939C-3392604DFBEF}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C83CD843-260E-3BD0-86BC-4E613BFDDE0A}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9F9BEAE-3963-41D3-B970-CA60C6A71179}" = HP Officejet K7100 Series Toolbox
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{d1ef8f26-03c4-4455-b23a-da93f0f4d915}" = Nero 9
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DF38C72B-8A86-4727-99D2-FA7CC5E17A24}" = Microsoft SQL Server 2008 RsFx Driver
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EBFF3839-5A5B-400A-B8A2-4A627C4B29B4}" = Nuance PDF Professional 5
"{ECE1939E-3491-409E-87B7-E7DF65E7B909}" = aerosoft's - German Airports 3 Bundle - FS2004
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D89E72-2A46-42ED-ABDB-1F93E5918807}" = Just Flight - 757 Captain FS2004
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{FB5F0D16-9973-4B62-A249-8A83A51F1D14}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows-Treiberpaket - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"0A86889A63334895E2898E1C618451C13E8BEC74" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (09/18/2008 7.6.1.122)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows-Treiberpaket - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows-Treiberpaket - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"2A220AD1D71245D60F803E0D8C463ABFFE7C6244" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows-Treiberpaket - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"3A712FAD839A90C4CD37CE06FA695DCC4E91A52F" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5A42EC04483B9307C1A29CDA2199268A7A8FA52D" = Windows-Treiberpaket - Atheros Communications Inc. Net (09/18/2008 7.6.1.122)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows-Treiberpaket - Intel Net (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows-Treiberpaket - Intel Net (07/22/2008 10.3.45.0)
"695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"75B57AFB407D191B0DAEF05EE9665A5A86701A9A" = Windows-Treiberpaket - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows-Treiberpaket - Intel Net (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows-Treiberpaket - Intel Net (08/05/2008 10.3.49.0)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0)
"8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows-Treiberpaket - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows-Treiberpaket - Intel Net (06/13/2008 9.52.9.0)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.70
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Artisteer 2" = Artisteer 2
"ATR_72500" = Flight One ATR 72-500
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows-Treiberpaket - Intel (e1express) Net (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"D7BD0CDD4F84752390916F44F40574507E36FE5E" = Windows-Treiberpaket - Apple Inc. (applebt) Bluetooth (01/19/2009 2.1.2.1)
"DCEFA559AE3275AB4F80389685E1BD3D978A5707" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8)
"DD660B87FBFA46A1E99C15466EA26AA41E678250" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
"Easy CD-DA Extractor 11" = Easy CD-DA Extractor 11
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Euro Truck Simulator" = Euro Truck Simulator 1.1
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows-Treiberpaket - Apple Inc. System (08/22/2008 2.1.1.1)
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FileZilla Client" = FileZilla Client 3.3.4.1
"Flight Crew X (Download Version)" = Flight Crew X (Download Version)
"Flight Crew X: FS9 Version" = Flight Crew X: FS9 Version
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"Free Studio_is1" = Free Studio version 5.2.1
"FSFDT FSCopilot" = FSFDT FSCopilot
"FSFDT FSInn" = FSFDT FSInn
"Inkscape" = Inkscape 0.48.1
"JDownloader" = JDownloader
"MAGIX Filme auf DVD 9 D" = MAGIX Filme auf DVD 9 9.0.0.12 (D)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.0
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RaneAsioSL2_is1" = Rane SL 2 (ver. 1.0.0a6)
"RTL Winter Sports 2009" = RTL Winter Sports 2009
"Shockwave" = Shockwave
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"ST6UNST #1" = Visual Basic 6.0 Runtime&Steuerelemente
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Victory 301USB Normal Version_is1" = Victory 301USB version 5.351
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Airbus Series Vol.1 Deluxe (FS2004)" = Airbus Series Vol.1 Deluxe (FS2004)
"Akamai" = Akamai NetSession Interface
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >