|
Log-Analyse und Auswertung: Laut Telekom: Torpig/Mebroot - aber keine FundeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
27.10.2012, 14:27 | #1 |
| Laut Telekom: Torpig/Mebroot - aber keine Funde Hallo, das Telekom-Abuseteam hat auf eine Infektion mit Torpig/Mebroot hingewiesen. Das kam sehr unerwartet, da auf keinem Rechner ungewöhnliches Verhalten beobachtet wurde. Die erste Mail der Telekom kam am 1.10. wurde aber wegen Abwesenheit erst später zur Kenntnis genommen. Sinowal-artiges konnte ich nirgends ausmachen. Gibts sowas etwa auch schon für Android? Auf einem Laptop mit Vista x32 konnte ich keinen manipulierten MBR und keinerlei Malware entdecken. Bleibt noch ein PC mit Win7 x64. Zunächst habe ich einen Offlinescan mit Desinfec't durchgeführt. Damit wurden nur einige Einträge \AppData\Local\Temp\jar_cache*.tmp von Avira und Kaspersky entdeckt. Leider kann ich nicht mehr sagen, welcher Trojaner dahinter steckte. Als nächstes hat MbAM folgendes gefunden: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.26.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Tante :: TANTE-PC [Administrator] 26.10.2012 20:33:05 mbam-log-2012-10-26 (20-33-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 364258 Laufzeit: 38 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\Windows\ccdxmmde.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Windows\drss.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Windows\xessmsxe.dat (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) TDSSKiller hat nur einige unsignierte Treiber von HP gefunden. aswMBR hat folgendes ausgeworfen: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-10-26 23:10:35 ----------------------------- 23:10:35.809 OS Version: Windows x64 6.1.7601 Service Pack 1 23:10:35.809 Number of processors: 4 586 0x100 23:10:35.809 ComputerName: TANTE-PC UserName: Tante 23:10:37.540 Initialize success 23:12:32.130 AVAST engine defs: 12102601 23:14:52.452 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062 23:14:52.468 Disk 0 Vendor: ST310005 JC66 Size: 953869MB BusType: 11 23:14:52.483 Disk 0 MBR read successfully 23:14:52.483 Disk 0 MBR scan 23:14:52.499 Disk 0 unknown MBR code 23:14:52.499 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 23:14:52.530 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 901543 MB offset 206848 23:14:52.561 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 51200 MB offset 1846566912 23:14:52.577 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 1951424512 23:14:52.639 Disk 0 scanning C:\Windows\system32\drivers 23:15:02.826 Service scanning 23:15:20.844 Modules scanning 23:15:20.860 Disk 0 trace - called modules: 23:15:21.374 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 23:15:21.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800449a060] 23:15:21.390 3 CLASSPNP.SYS[fffff880015b943f] -> nt!IofCallDriver -> [0xfffffa80033ebac0] 23:15:21.406 5 amd_xata.sys[fffff8800110ab3f] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80040a3060] 23:15:28.519 AVAST engine scan C:\ 00:33:26.957 Scan finished successfully 00:42:38.917 Disk 0 MBR has been saved successfully to "C:\Users\Tante\Desktop\MBR.dat" 00:42:38.933 The log file has been saved successfully to "C:\Users\Tante\Desktop\aswMBR.txt" Code:
ATTFilter POWERRECOVER - PRESS <F11> TO RUN RECOVERY... Gmer läuft leider nur im eingeschränkten Modus: Nur Services/Registry/Files und ADS sind aktivierbar. Ist das dem x64-Modus geschuldet? Finden kann GMER so jedenfalls nichts. Gmer_mbr kann auch den ersetzten MBR nicht deuten: Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net Windows 6.1.7601 device: opened successfully user: error reading MBR error: Read Das Handle ist ungültig. kernel: error reading MBR Code:
ATTFilter ComboFix 12-10-26.01 - Tante 27.10.2012 0:59.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3576.2328 [GMT 2:00] ausgeführt von:: c:\users\Tante\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\cflog\EPLog.txt c:\programdata\Windows . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-26 bis 2012-10-26 )))))))))))))))))))))))))))))) . . 2012-10-26 23:03 . 2012-10-26 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-26 21:05 . 2012-10-26 21:05 -------- d-----w- c:\users\Tante\AppData\Roaming\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1 2012-10-26 21:00 . 2012-10-26 21:06 -------- d-----w- c:\users\Tante\AppData\Local\NPE 2012-10-26 21:00 . 2012-10-26 21:00 -------- d-----w- c:\programdata\Norton 2012-10-26 20:59 . 2012-10-26 20:59 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-10-26 20:59 . 2012-10-26 20:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-10-26 20:59 . 2012-10-26 20:59 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-10-26 20:28 . 2012-10-26 20:28 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys 2012-10-26 20:20 . 2012-10-26 20:20 -------- d-----w- c:\program files (x86)\ESET 2012-10-26 18:45 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5C914FC5-C17A-429C-B51A-967748489D94}\mpengine.dll 2012-10-26 18:32 . 2012-10-26 18:32 -------- d-----w- c:\users\Tante\AppData\Roaming\Malwarebytes 2012-10-26 18:31 . 2012-10-26 18:31 -------- d-----w- c:\programdata\Malwarebytes 2012-10-26 18:31 . 2012-10-26 18:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-10-26 18:31 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-10-25 21:00 . 2012-10-25 21:00 208216 ----a-w- c:\windows\system32\drivers\75593888.sys 2012-10-25 20:54 . 2012-10-25 20:54 208216 ----a-w- c:\windows\system32\drivers\38188806.sys 2012-10-25 17:53 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-10-22 14:38 . 2012-10-22 14:38 0 ----a-w- c:\windows\SysWow64\sho47D9.tmp 2012-10-20 11:16 . 2012-10-14 13:00 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-10-20 11:16 . 2012-10-14 13:00 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{675B5416-4BB5-4D38-9454-F745FDD0395F}\gapaengine.dll 2012-10-16 17:32 . 2012-10-16 17:32 0 ----a-w- c:\windows\SysWow64\sho10B.tmp 2012-10-15 18:35 . 2012-10-15 18:35 0 ----a-w- c:\windows\SysWow64\sho12EA.tmp 2012-10-14 13:19 . 2012-10-14 13:19 0 ----a-w- c:\windows\SysWow64\sho3977.tmp 2012-10-14 12:59 . 2012-10-14 12:59 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-10-14 12:59 . 2012-10-14 13:00 -------- d-----w- c:\program files\Microsoft Security Client 2012-10-13 10:36 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-13 10:36 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-13 10:36 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-10-13 10:36 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-10-05 16:12 . 2012-10-05 16:12 0 ----a-w- c:\windows\SysWow64\shoAA46.tmp 2012-09-28 22:58 . 2012-09-28 22:58 0 ----a-w- c:\windows\SysWow64\sho95BD.tmp . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-13 12:05 . 2012-09-03 19:51 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-13 12:05 . 2011-10-14 12:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-27 22:18 . 2011-07-18 20:31 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-22 19:05 . 2012-09-22 19:05 0 ----a-w- c:\windows\SysWow64\sho7F4.tmp 2012-09-13 17:10 . 2012-09-13 17:10 0 ----a-w- c:\windows\SysWow64\shoFF26.tmp 2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-30 20:03 . 2012-08-30 20:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-24 11:15 . 2012-09-22 19:04 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 19:04 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 19:04 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 19:04 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 19:04 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 19:04 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 19:04 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 19:04 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 19:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 19:04 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 19:04 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 19:04 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 19:04 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 19:05 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 19:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 19:04 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 19:04 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 19:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 19:04 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 19:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-09-22 19:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 19:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 2012-09-12 12:27 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-09-12 12:27 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 12:27 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 12:27 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 13:47 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 17:38 . 2012-10-13 10:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-02 17:58 . 2012-09-12 12:27 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-08-02 16:57 . 2012-09-12 12:27 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-10-26 3341464] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-15 343168] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] . c:\users\Tante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Versandhelfer.lnk - c:\program files (x86)\Versandhelfer\Versandhelfer.exe [2012-2-5 142336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ watchmi tray.lnk - c:\windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-2-5 300928] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 250808] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-27 1255736] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] R4 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-06-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-06-16 40064] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-10-26 56016] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-15 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-15 361984] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2011-10-07 70144] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2011-07-15 96896] S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-15 10206208] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-15 317952] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2011-07-15 214144] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-17 53376] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - aswMBR . Inhalt des "geplante Tasks" Ordners . 2012-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 12:05] . 2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 17:37] . 2012-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 17:37] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128] "MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.aldi.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file) SafeBoot-44397247.sys WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-27 01:05:25 ComboFix-quarantined-files.txt 2012-10-26 23:05 . Vor Suchlauf: 7 Verzeichnis(se), 867.382.169.600 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 871.622.832.128 Bytes frei . - - End Of File - - 50A34D99815D1A8C98143C6A2689A51C Code:
ATTFilter OTL logfile created on: 27.10.2012 02:07:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tante\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 58,09% Memory free 6,98 Gb Paging File | 5,54 Gb Available in Paging File | 79,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 880,41 Gb Total Space | 811,85 Gb Free Space | 92,21% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 24,86 Gb Free Space | 49,72% Space Free | Partition Type: NTFS Drive F: | 1,90 Gb Total Space | 0,04 Gb Free Space | 2,37% Space Free | Partition Type: FAT32 Computer Name: TANTE-PC | User Name: Tante | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.26 17:33:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tante\Desktop\OTL.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.08.04 00:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.08.04 00:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2010.08.04 00:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011.09.15 22:43:54 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.09.15 19:30:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.10.13 14:05:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.07 12:23:08 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.05.28 04:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.26 22:28:38 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts) DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.09.15 20:37:32 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.09.15 18:53:00 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.08.17 22:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.07.15 22:53:54 | 000,214,144 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc) DRV:64bit: - [2011.07.15 22:53:54 | 000,096,896 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30) DRV:64bit: - [2011.06.16 21:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.06.16 21:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2010.02.18 18:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\..\SearchScopes,DefaultScope = {30A3BB3C-B802-4ADF-B756-E346C0267A53} IE - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\..\SearchScopes\{0063233C-50EA-4ECD-B482-08650149E9AB}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157 IE - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\..\SearchScopes\{30A3BB3C-B802-4ADF-B756-E346C0267A53}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393 IE - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) [2012.09.25 14:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tante\AppData\Roaming\mozilla\Firefox\extensions [2012.09.25 14:08:26 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Tante\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNE&bmod=MDNE CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Tante\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Tante\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Anti-Banner = C:\Users\Tante\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2012.10.27 01:03:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) O4 - Startup: C:\Users\Tante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk = C:\Program Files (x86)\Versandhelfer\Versandhelfer.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2309023636-3032944619-1933479239-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30357ED6-DE96-4CCC-BBB8-739CF9BBE70D}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E700DAEE-439D-4EE4-962B-7D3507F98C6A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.27 02:06:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tante\Desktop\OTL.exe [2012.10.27 00:57:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.27 00:57:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.27 00:57:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.27 00:57:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.27 00:57:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.27 00:55:42 | 004,989,043 | R--- | C] (Swearware) -- C:\Users\Tante\Desktop\ComboFix.exe [2012.10.26 23:10:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tante\Desktop\aswMBR.exe [2012.10.26 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\Tante\AppData\Roaming\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1 [2012.10.26 23:00:22 | 000,000,000 | ---D | C] -- C:\Users\Tante\AppData\Local\NPE [2012.10.26 23:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.10.26 22:25:18 | 004,232,976 | ---- | C] (F-Secure Corporation) -- C:\Users\Tante\Desktop\fseasyclean.exe [2012.10.26 22:25:00 | 002,957,840 | ---- | C] (Symantec Corporation) -- C:\Users\Tante\Desktop\NPE.exe [2012.10.26 22:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.26 20:32:15 | 000,000,000 | ---D | C] -- C:\Users\Tante\AppData\Roaming\Malwarebytes [2012.10.26 20:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.26 20:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.26 20:31:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.26 20:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.25 23:00:08 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\75593888.sys [2012.10.25 22:54:01 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\38188806.sys [2012.10.14 14:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2012.10.14 14:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.27 02:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.27 01:47:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.27 01:03:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.27 00:53:43 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 00:53:43 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.27 00:46:24 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.27 00:46:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.27 00:46:06 | 2812,383,232 | -HS- | M] () -- C:\hiberfil.sys [2012.10.27 00:42:38 | 000,000,512 | ---- | M] () -- C:\Users\Tante\Desktop\MBR.dat [2012.10.26 23:05:06 | 000,001,037 | ---- | M] () -- C:\Users\Tante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk [2012.10.26 22:28:38 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys [2012.10.26 20:31:58 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.26 17:33:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tante\Desktop\OTL.exe [2012.10.26 16:12:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tante\Desktop\aswMBR.exe [2012.10.26 15:58:00 | 004,989,043 | R--- | M] (Swearware) -- C:\Users\Tante\Desktop\ComboFix.exe [2012.10.25 23:00:09 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\75593888.sys [2012.10.25 22:54:01 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\38188806.sys [2012.10.25 22:53:11 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.25 22:53:11 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.25 22:53:11 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.25 22:53:11 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.25 22:53:11 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.25 19:07:32 | 000,147,456 | ---- | M] () -- C:\Users\Tante\Desktop\jk,l.exe [2012.10.25 19:07:32 | 000,147,456 | ---- | M] () -- C:\Users\Tante\Desktop\catchme.exe [2012.10.25 18:52:18 | 000,089,088 | ---- | M] () -- C:\Users\Tante\Desktop\gmer_mbr.exe [2012.10.25 18:52:18 | 000,089,088 | ---- | M] () -- C:\Users\Tante\Desktop\ghdfd.exe [2012.10.25 09:26:42 | 002,957,840 | ---- | M] (Symantec Corporation) -- C:\Users\Tante\Desktop\NPE.exe [2012.10.25 09:24:20 | 004,232,976 | ---- | M] (F-Secure Corporation) -- C:\Users\Tante\Desktop\fseasyclean.exe [2012.10.21 17:26:39 | 491,805,104 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.19 15:05:38 | 004,472,883 | ---- | M] () -- C:\Users\Tante\Documents\P1070489.JPG [2012.10.16 16:40:42 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.10.14 15:00:04 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.10.14 14:41:56 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI [2012.10.13 12:49:08 | 000,002,712 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.10.03 16:08:57 | 000,187,176 | ---- | M] () -- C:\Users\Tante\Documents\87FE3D97-EC4B-4AD5-85C2-FD482E4AA555.jpg [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.27 00:57:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.27 00:57:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.27 00:57:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.27 00:57:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.27 00:57:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.27 00:53:06 | 000,147,456 | ---- | C] () -- C:\Users\Tante\Desktop\catchme.exe [2012.10.27 00:42:38 | 000,000,512 | ---- | C] () -- C:\Users\Tante\Desktop\MBR.dat [2012.10.26 23:05:06 | 000,001,037 | ---- | C] () -- C:\Users\Tante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Versandhelfer.lnk [2012.10.26 22:28:38 | 000,056,016 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys [2012.10.26 20:31:58 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.26 20:27:54 | 000,089,088 | ---- | C] () -- C:\Users\Tante\Desktop\gmer_mbr.exe [2012.10.25 23:23:09 | 000,147,456 | ---- | C] () -- C:\Users\Tante\Desktop\jk,l.exe [2012.10.25 23:23:09 | 000,089,088 | ---- | C] () -- C:\Users\Tante\Desktop\ghdfd.exe [2012.10.19 16:13:22 | 004,472,883 | ---- | C] () -- C:\Users\Tante\Documents\P1070489.JPG [2012.10.16 16:40:41 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.10.14 15:00:04 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.10.14 14:59:59 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.10.14 14:41:56 | 000,000,118 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2012.10.03 16:08:53 | 000,187,176 | ---- | C] () -- C:\Users\Tante\Documents\87FE3D97-EC4B-4AD5-85C2-FD482E4AA555.jpg [2012.09.02 16:38:32 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.18 14:22:34 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.02.18 13:37:47 | 000,219,761 | ---- | C] () -- C:\Windows\hpwins23.dat [2012.02.18 13:37:47 | 000,001,501 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2011.10.28 01:13:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.10.27 01:24:52 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.09.15 22:52:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.16 22:08:15 | 000,000,000 | ---D | M] -- C:\Users\Tante\AppData\Roaming\.minecraft [2012.10.26 23:05:05 | 000,000,000 | ---D | M] -- C:\Users\Tante\AppData\Roaming\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1 [2012.10.26 22:57:53 | 000,000,000 | ---D | M] -- C:\Users\Tante\AppData\Roaming\Origin [2012.09.04 20:48:13 | 000,000,000 | ---D | M] -- C:\Users\Tante\AppData\Roaming\SoftGrid Client [2012.09.02 16:39:07 | 000,000,000 | ---D | M] -- C:\Users\Tante\AppData\Roaming\TP [2012.09.04 19:12:32 | 000,000,000 | ---D | M] -- C:\Users\Tante\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.10.2012 02:07:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tante\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 58,09% Memory free 6,98 Gb Paging File | 5,54 Gb Available in Paging File | 79,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 880,41 Gb Total Space | 811,85 Gb Free Space | 92,21% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 24,86 Gb Free Space | 49,72% Space Free | Partition Type: NTFS Drive F: | 1,90 Gb Total Space | 0,04 Gb Free Space | 2,37% Space Free | Partition Type: FAT32 Computer Name: TANTE-PC | User Name: Tante | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E549B7C-DD87-4448-B4F3-E780E960B232}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D0034C9-699B-4578-97EA-32B912F875EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1DDC207C-2C26-40A4-90B9-F2A5CA436BDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{282A36E6-C237-471C-B3F2-526B04015CA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2AFF66AC-AB6B-4789-A202-D077AFB6284C}" = rport=138 | protocol=17 | dir=out | app=system | "{32A1500A-42AA-48B5-A313-F64DA1EA0B4A}" = lport=138 | protocol=17 | dir=in | app=system | "{3F0CB73A-4640-4B7B-A0AC-524E66E23823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4ACD1FDC-FCDF-4D88-AC5E-AF78A1A6249D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{55821834-3DBE-454C-96F8-1D688BB4E826}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{572AD40F-CA78-4B42-8F30-0C0B4C52F62E}" = rport=445 | protocol=6 | dir=out | app=system | "{599CED2C-5992-43DC-96FE-31148C488024}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{60624015-76E3-491A-9755-C292A2969613}" = lport=2869 | protocol=6 | dir=in | app=system | "{679C2D5B-6434-4426-BF13-7E8FBECDE327}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{859465EA-E2EF-4C0E-BDA4-0A1B7F7AC5DF}" = rport=10243 | protocol=6 | dir=out | app=system | "{8A946E28-B742-4248-8472-925C3FE79BD6}" = lport=10243 | protocol=6 | dir=in | app=system | "{8C3FE4FC-2CDF-42E6-832F-A5C14908745D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8D8A71E8-C972-4FA5-816F-289D08E94111}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BB5EA04B-4496-4465-AB18-A390EC4FC138}" = lport=139 | protocol=6 | dir=in | app=system | "{BF058E70-2293-4068-8AC9-FC2CFC4D5678}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C02BA264-FE52-44F0-951A-AACF72E62CAE}" = lport=445 | protocol=6 | dir=in | app=system | "{D2739D6E-6816-47DA-80AC-45739139420B}" = rport=137 | protocol=17 | dir=out | app=system | "{D63C74F5-9DCE-4F49-A501-D838905BB8A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DC3082FF-18AF-4607-B7B3-B356F362D68A}" = lport=137 | protocol=17 | dir=in | app=system | "{E2A2CE13-638F-49D6-9E9D-C2D899F44C5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FA798F5A-CDC2-4519-B2EE-FDD7DC8F9EF5}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10960D8C-0754-43AB-A8DC-84DD8063A2E5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{12036E19-269F-432A-A899-641B2701058E}" = protocol=6 | dir=out | app=system | "{137FE5F5-B0FD-4D50-86E5-AAD0BD7C06AF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{14F82B39-91AE-41AA-A123-3D81FA0BBDF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1886DD17-1EC4-44F9-A58B-7DB236DFA634}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1CF06AFB-90F8-406F-BB88-762A8DC2B6DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{29EEC5C2-FDCD-4511-BF6B-AAFCECE0D379}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | "{35794670-137D-412B-9944-7EAC3D9E380E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{44525549-8553-46CB-B05B-CB116A6A0C5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4A30F2B4-309D-4DB0-B9F9-A466E84DC788}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{50CFDAB9-1114-44AB-AE02-F2DB849312BE}" = protocol=6 | dir=in | app=c:\users\tante\appdata\local\microsoft\windows\temporary internet files\content.ie5\x17p7aqx\crossfire_downloader (1).exe | "{5C3B740B-DD03-4193-9C54-BF6C4E4E9183}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5DA202D3-4D35-4677-9D56-45D66F8BACC2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{642F65E9-2E60-431F-80D7-A4B5FFC82D9E}" = protocol=17 | dir=in | app=c:\users\tante\appdata\local\microsoft\windows\temporary internet files\content.ie5\x17p7aqx\crossfire_downloader.exe | "{65185ED6-F9B1-4911-911E-F2AFEAB9D493}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{733D60C5-82BB-437C-9AEB-912023545BCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{76A63D33-AA36-4F39-98C4-58172960A81B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7C867A44-768C-40BD-B437-DD321B021E9B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | "{804A4993-8792-4390-8E54-330C7540063D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{80FCFC1E-4D77-4400-91CC-2742D240C675}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8555C6B9-960A-41B5-9DFF-581759C9FDC4}" = protocol=6 | dir=in | app=c:\users\tante\appdata\local\microsoft\windows\temporary internet files\content.ie5\x17p7aqx\crossfire_downloader.exe | "{85832019-5E10-4687-9BE8-ECC6260C4DFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8BE7574E-8E45-41A7-8A56-07DA7F865385}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{975D55BF-80A6-4D27-912D-134CAF282618}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9881EE48-FB7E-4DB7-9C4E-ABD6AF7860CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A12C6095-0DFA-4FED-B599-400A46AF06AC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A5FAD86A-A4DE-4C88-B690-5F9D4447248B}" = protocol=17 | dir=in | app=c:\users\tante\appdata\local\microsoft\windows\temporary internet files\content.ie5\x55sjjj1\crossfire_downloader.exe | "{A75CB8FC-AE25-458E-AE1C-5F8F57A9E8E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AA2A1202-50EF-4C63-BB19-21FD5D947239}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B0575C87-8305-479E-A21B-E56DFB897460}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{B9CE43DE-420D-4A07-8E97-C22D8A2BF08C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{C0B4056E-B896-435C-BBE5-FF8029F17959}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C5290A70-C64E-466B-8D53-68CBAE6C89D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C9DE70FD-5511-4D3C-AE1B-2C689F5B90CC}" = protocol=17 | dir=in | app=c:\users\tante\appdata\local\microsoft\windows\temporary internet files\content.ie5\x17p7aqx\crossfire_downloader (1).exe | "{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D21FACEA-1920-4AED-95C8-2DCBBBDE36BD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D725CE74-3F70-4F6D-8BBE-DB8B9C72FDC6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D9B0448A-2159-4D4C-AC8C-E08750B727D4}" = protocol=6 | dir=in | app=c:\users\tante\appdata\local\microsoft\windows\temporary internet files\content.ie5\x55sjjj1\crossfire_downloader.exe | "{DF2859A6-6354-428B-85E6-ADFEC8F8B0A0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{E0DC18E7-AED0-401A-AC92-A2DF0BBCBA3D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E7527576-7732-4055-9DEA-80163CE693F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E945942C-702E-47BA-99C7-66AFC3CACA2C}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | "{E9F40B9C-B72E-49F8-834C-F1344946FDF0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{EFE7A3D9-564D-4A45-9961-21B0935B013D}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0348F1C7-2092-A05D-DC67-8ECA9EA72C20}" = AMD Catalyst Install Manager "{127E1248-A609-821B-EA88-FCCF4E0307A9}" = AMD Media Foundation Decoders "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1E7837A9-DA9E-EF6B-E333-C7AA3BF8D976}" = AMD Fuel "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64 "{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}" = HP Officejet 6500 E709 Series "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{89271886-F32B-06E0-E2A4-0D1CC526CFFB}" = AMD AVIVO64 Codecs "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{8F4884F1-488D-4738-8F71-65A378BB484C}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{C8A7B3DB-BCD1-3222-BB07-1DB1A3A78F42}" = ccc-utility64 "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E71206EE-5DAB-7AD1-3529-F299BD22C89C}" = AMD Drag and Drop Transcoding "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content "_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe "{04511133-CA6E-7FA6-3942-955C43463FF6}" = CCC Help Swedish "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires "{11968F04-71FB-4C8C-B4D8-14FA4171EE36}" = 6500_E709_Help_BasicWeb "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{12433C2C-1BE2-D066-3481-EB5A7C4A60F1}" = Catalyst Control Center Localization All "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{2667D62E-4BC7-D44B-271F-6760AFF93836}" = CCC Help Japanese "{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B03836C-B121-73F6-DC13-DCF2EBAC6AEF}" = CCC Help Italian "{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{409DC300-28AF-468F-9624-1F3309701881}" = watchmi "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{616DE557-9500-C725-FFBB-6E46490991E2}" = CCC Help German "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}" = Die Sims™ Inselgeschichten "{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E0B7E44-D1E2-3479-B682-B028409D61C6}" = CCC Help Spanish "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{7189F66A-1560-1573-05C9-DE53613AEA1A}" = Versandhelfer "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{85967580-EBC2-11D4-AEA3-0050046A88ED}" = LEGO Insel 2 "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw "{86196C81-759C-4F74-8DFF-36F9F50FEEAC}" = 6500_E709_BasicWeb "{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension "{BC778FCB-F3B3-5D3A-4E14-C72226C2C089}" = CCC Help Dutch "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C1A615C6-C85F-96C9-4992-150382CCBE45}" = Catalyst Control Center InstallProxy "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common "{D196FC94-EF3D-2CF0-D519-D295F208D828}" = CCC Help Norwegian "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF58494C-92FF-D581-90C7-9832F9306948}" = CCC Help Danish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E96EABC8-3CF2-4461-C65A-FA1EDF152B80}" = CCC Help Finnish "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F040E490-9BA8-D1B8-6D51-32ACA18D888E}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3577B19-E52F-59C8-51C1-7CDF8E80045C}" = CCC Help French "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN "{FAD96046-769E-4A4B-949B-8D29D885EFD6}" = BPDSoftware_Ini "{FAF3E310-5674-C2F1-F4D9-7B0948CC1164}" = AMD VISION Engine Control Center "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer "Ashampoo Snap_is1" = Ashampoo Snap "Cross Fire_is1" = Cross Fire En "Crossfire Europe" = Crossfire Europe "dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer "ESET Online Scanner" = ESET Online Scanner v3 "Google Chrome" = Google Chrome "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "myMugle3.0.0.0" = myMugle "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Origin" = Origin "PCSUITE_SHREDDER_PRO_is1" = PCSUITE SHREDDER "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.10.2012 19:03:51 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" Error - 26.10.2012 19:03:51 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" Error - 26.10.2012 19:03:59 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" Error - 26.10.2012 19:03:59 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" Error - 26.10.2012 19:03:59 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" Error - 26.10.2012 19:03:59 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" Error - 26.10.2012 19:05:27 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" Error - 26.10.2012 19:05:27 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" Error - 26.10.2012 19:05:27 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" Error - 26.10.2012 19:05:27 | Computer Name = Tante-PC | Source = Bonjour Service | ID = 100 Description = AppendDNSNameString: Illegal empty label in name ".green" [ System Events ] Error - 07.09.2012 13:00:40 | Computer Name = Tante-PC | Source = DCOM | ID = 10016 Description = Error - 07.09.2012 13:00:41 | Computer Name = Tante-PC | Source = DCOM | ID = 10016 Description = Error - 12.09.2012 10:51:05 | Computer Name = Tante-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000 Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b Error - 16.09.2012 08:20:01 | Computer Name = Tante-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht. Error - 16.09.2012 08:20:01 | Computer Name = Tante-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 24.09.2012 06:43:09 | Computer Name = Tante-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?24.?09.?2012 um 12:41:43 unerwartet heruntergefahren. Error - 24.09.2012 06:43:13 | Computer Name = Tante-PC | Source = BugCheck | ID = 1001 Description = Error - 26.09.2012 09:41:59 | Computer Name = Tante-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst MemeoBackgroundService erreicht. Error - 26.09.2012 09:41:59 | Computer Name = Tante-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MemeoBackgroundService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 28.09.2012 08:00:21 | Computer Name = Tante-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?27.?09.?2012 um 16:42:24 unerwartet heruntergefahren. < End of report > Schönen Dank und sonniges WE |
27.10.2012, 21:16 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laut Telekom: Torpig/Mebroot - aber keine Funde Wer hat dir geraten Combofix auszuführen?
__________________Diesen Hinweis haben wir nicht zur Deko da! Zitat:
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
29.10.2012, 11:42 | #3 |
| Laut Telekom: Torpig/Mebroot - aber keine Funde Hi cosinus,
__________________wieso der Hinweis mit den Codetags? Ist doch alles so gemacht? Niemand hatte mir dazu geraten Combofix zu verwenden. Ich hatte ursprünglich auch nicht vor dieses Board zu bemühen. Ich hoffe, ich darf hier trotzdem posten!? Da ich keinerlei Hinweise für Sinowal deuten konnte, wollte ich noch Mal ein fachmännische Auge drüberschauen lassen. Von MbAM gibt es keine weiteren Logs. Der MBR wurde gegen das MS-Original getauscht und somit sollte die Quelle des Übels doch ausgehebelt sein - oder? Kann/sollte ich noch etwas anderes machen? Läuft GMER bei x64 grundsätzlich eingeschränkt? Und Gmer_MBR funktioniert da auch nicht? Viele Grüße |
29.10.2012, 14:12 | #4 | |||
/// Winkelfunktion /// TB-Süch-Tiger™ | Laut Telekom: Torpig/Mebroot - aber keine FundeZitat:
Zitat:
Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
29.10.2012, 21:53 | #5 |
| Laut Telekom: Torpig/Mebroot - aber keine Funde Und hast du noch irgendwelche Vorschläge? Was kann die Tkom veranlasst haben die Mail zu schicken? Gruß |
31.10.2012, 16:42 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Laut Telekom: Torpig/Mebroot - aber keine FundeZitat:
__________________ --> Laut Telekom: Torpig/Mebroot - aber keine Funde |
Themen zu Laut Telekom: Torpig/Mebroot - aber keine Funde |
acrobat update, avira, bho, bonjour, classpnp.sys, computer, desktop, downloader, error, fehler, firefox, flash player, google, hal.dll, home, homepage, kaspersky, log file, logfile, malware, microsoft office starter 2010, nodrives, officejet, origin, plug-in, realtek, security, svchost.exe, symantec, tastatur, trojaner, unknown mbr, updates, usb 2.0, usb 3.0, vista |