25.04.2011, 08:54 | #1 |
Kazy.mekml.1 since yesterday evening

Hello everyone, I too have had the Kazy trojan since yesterday evening. I am not particularly PC-savvy; here is what happened and what I have done so far:

Yesterday evening a Flash update popped up, which I cancelled several times. Suddenly my desktop was black, all my private files were gone, critical error and so on; you already know this from several others. AntiVir popped up and reported Kazy to me. I deleted the file that was in quarantine, ran another full scan, which found nothing, then switched the computer off for the time being and slept on it. I do know this much: with a trojan, that is usually not the end of it.

Booted up this morning, AntiVir message: Kazy trojan. So there it is again. Yesterday I supposedly had no hard disk. Today, though, Windows at least shows me my programs in Explorer again.

I then first read through the threads here and noticed that you deal with the Kazys very individually, hence my thread asking for help, without me trying anything on my own and possibly doing it wrong.

Here is the AntiVir message from yesterday evening:

____________________________________________________________
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 24. April 2011 22:39
Es wird nach 2580902 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : LOUNGE Versionsinformationen: BUILD.DAT : 10.0.0.635 31822 Bytes 07.03.2011 12:02:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 08.12.2010 19:48:44 AVSCAN.DLL : 10.0.3.0 56168 Bytes 02.08.2010 15:09:45 LUKE.DLL : 10.0.3.2 104296 Bytes 08.12.2010 19:48:45 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 16:59:26 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 20:54:33 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 17:28:43 VBASE004.VDF : 7.11.5.226 2048 Bytes 07.04.2011 17:28:43 VBASE005.VDF : 7.11.5.227 2048 Bytes 07.04.2011 17:28:44 VBASE006.VDF : 7.11.5.228 2048 Bytes 07.04.2011 17:28:44 VBASE007.VDF : 7.11.5.229 2048 Bytes 07.04.2011 17:28:44 VBASE008.VDF : 7.11.5.230 2048 Bytes 07.04.2011 17:28:44 VBASE009.VDF : 7.11.5.231 2048 Bytes 07.04.2011 17:28:44 VBASE010.VDF : 7.11.5.232 2048 Bytes 07.04.2011 17:28:44 VBASE011.VDF : 7.11.5.233 2048 Bytes 07.04.2011 17:28:44 VBASE012.VDF : 7.11.5.234 2048 Bytes 07.04.2011 17:28:44 VBASE013.VDF : 7.11.6.28 158208 Bytes 11.04.2011 17:28:44 VBASE014.VDF : 7.11.6.74 116224 Bytes 13.04.2011 07:05:15 VBASE015.VDF : 7.11.6.113 137728 Bytes 14.04.2011 07:05:15 VBASE016.VDF : 7.11.6.150 146944 Bytes 18.04.2011 17:29:59 VBASE017.VDF : 7.11.6.151 2048 Bytes 18.04.2011 17:29:59 VBASE018.VDF : 7.11.6.152 2048 Bytes 18.04.2011 17:29:59 VBASE019.VDF : 7.11.6.153 2048 Bytes 18.04.2011 17:29:59 VBASE020.VDF : 7.11.6.154 2048 Bytes 18.04.2011 17:29:59 VBASE021.VDF : 7.11.6.155 2048 Bytes 18.04.2011 17:29:59 VBASE022.VDF : 7.11.6.156 2048 Bytes 18.04.2011 17:29:59 VBASE023.VDF : 7.11.6.157 2048 Bytes 18.04.2011 17:29:59 VBASE024.VDF : 7.11.6.158 2048 Bytes 18.04.2011 17:29:59 VBASE025.VDF : 7.11.6.159 
2048 Bytes 18.04.2011 17:29:59 VBASE026.VDF : 7.11.6.160 2048 Bytes 18.04.2011 17:29:59 VBASE027.VDF : 7.11.6.161 2048 Bytes 18.04.2011 17:29:59 VBASE028.VDF : 7.11.6.162 2048 Bytes 18.04.2011 17:29:59 VBASE029.VDF : 7.11.6.163 2048 Bytes 18.04.2011 17:29:59 VBASE030.VDF : 7.11.6.164 2048 Bytes 18.04.2011 17:29:59 VBASE031.VDF : 7.11.6.187 120832 Bytes 19.04.2011 19:44:45 Engineversion : 8.2.4.208 AEVDF.DLL : 8.1.2.1 106868 Bytes 02.08.2010 15:09:30 AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 04.04.2011 17:08:52 AESCN.DLL : 8.1.7.2 127349 Bytes 22.11.2010 18:51:57 AESBX.DLL : 8.1.3.2 254324 Bytes 22.11.2010 18:52:15 AERDL.DLL : 8.1.9.9 639347 Bytes 27.03.2011 15:44:42 AEPACK.DLL : 8.2.6.0 549237 Bytes 11.04.2011 17:28:47 AEOFFICE.DLL : 8.1.1.20 205177 Bytes 04.04.2011 17:08:52 AEHEUR.DLL : 8.1.2.98 3441014 Bytes 15.04.2011 07:05:21 AEHELP.DLL : 8.1.16.1 246134 Bytes 06.02.2011 15:23:07 AEGEN.DLL : 8.1.5.4 397684 Bytes 04.04.2011 17:05:20 AEEMU.DLL : 8.1.3.0 393589 Bytes 22.11.2010 18:51:18 AECORE.DLL : 8.1.20.2 196982 Bytes 11.04.2011 17:28:47 AEBB.DLL : 8.1.1.0 53618 Bytes 02.08.2010 15:09:25 AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.08.2010 15:09:33 AVPREF.DLL : 10.0.0.0 44904 Bytes 02.08.2010 15:09:33 AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 14:26:53 AVREG.DLL : 10.0.3.2 53096 Bytes 02.08.2010 15:09:33 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 08.12.2010 19:48:45 AVARKT.DLL : 10.0.22.6 231784 Bytes 08.12.2010 19:48:44 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02.08.2010 15:09:32 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 14:27:02 AVSMTP.DLL : 10.0.0.17 63848 Bytes 02.08.2010 15:09:33 NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 14:27:01 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08 RCTEXT.DLL : 10.0.58.0 98152 Bytes 02.08.2010 15:09:45 Konfiguration für den aktuellen Suchlauf: Job Name..............................: avguard_async_scan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4e9246b8\guard_slideup.avp 
Protokollierung.......................: niedrig Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: hoch Abweichende Gefahrenkategorien........: +PCK,+PFS,+SPR, Beginn des Suchlaufs: Sonntag, 24. April 2011 22:39 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'Com4QLBEx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HpqToaster.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WiFiMsg.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'vds.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hpqwmiex.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'vdsldr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'db_daemon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'gconfd-2.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'attrib.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'attrib.exe' - '1' Modul(e) wurden durchsucht 
Durchsuche Prozess 'dbus-daemon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'cmd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mcserver.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'efHhjWihQgMsG.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnscfg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LightScribeControlPanel.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'YouCamTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'YCMMirage.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HPHC_Scheduler.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sttray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GrooveMonitor.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HPWAMain.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hpwuSchd2.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'reader_sl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HPKBDAPP.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'QLBCTRL.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'QPService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 
'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'BLService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'QPSched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'QPCapSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Netzmanager_Service.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'aestsrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Hpservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'STacSV.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '1' Modul(e) wurden durchsucht 
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\ProgramData\42327816.exe'
C:\ProgramData\42327816.exe
[FUND] Ist das Trojanische Pferd TR/Kazy.mekml.1
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49d92a3a.qua' verschoben!

Ende des Suchlaufs: Sonntag, 24. April 2011 22:40
Benötigte Zeit: 01:08 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
85 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
84 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.
__________________________________________________________

I then read that you need OTL logs.
Here is mine from this morning:

OTL logfile created on: 25.04.2011 08:39:38 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,92 Gb Total Space | 31,99 Gb Free Space | 14,29% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 1,64 Gb Free Space | 18,33% Space Free | Partition Type: NTFS
Drive E: | 1,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: LOUNGE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\efHhjWihQgMsG.exe (WinTrust)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe (Andrea Electronics Corporation) PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe (IDT, Inc.) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\SMINST\BLService.exe () PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe (Andrea Electronics Corporation) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe (IDT, Inc.) 
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe () SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TelekomNM3) -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.) DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\system32\drivers\BMLoad.sys (Bytemobile, Inc.) 
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (SSHDRV51) -- C:\Windows\System32\drivers\SSHDRV51.sys () DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation) DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation) DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.) 
DRV - (ElgTaDrv) -- C:\Windows\System32\drivers\ElgTaDrv.sys (elmeg Kommunikationstechnik) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon [2010.02.02 15:19:02 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 22:38:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 22:38:10 | 000,000,000 | ---D | M] [2009.09.20 19:14:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.03.29 21:51:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ylzkqkpy.default\extensions [2009.09.20 19:47:48 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ylzkqkpy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.29 21:51:48 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ylzkqkpy.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.29 21:07:03 | 000,000,000 | -H-D | M] (softonic-de3 Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ylzkqkpy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.03.29 21:07:02 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ylzkqkpy.default\extensions\engine@conduit.com [2011.03.24 22:40:47 | 000,000,950 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ylzkqkpy.default\searchplugins\icqplugin-1.xml [2011.02.20 12:21:20 | 000,000,168 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ylzkqkpy.default\searchplugins\icqplugin.gif [2011.02.20 12:21:20 | 000,000,618 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ylzkqkpy.default\searchplugins\icqplugin.src [2011.03.24 21:36:17 | 000,001,069 | -H-- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ylzkqkpy.default\searchplugins\icqplugin.xml [2011.03.24 22:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.04.24 07:27:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 13:16:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.22 08:42:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.25 11:30:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} 
[2011.02.21 20:22:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2010.02.02 15:19:02 | 000,000,000 | -H-D | M] (Bytemobile Optimization Client) -- C:\PROGRAM FILES\T-MOBILE\INTERNETMANAGER_Z\BIN\ADDON [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. 
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NBKeyScan] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files\CyberLink\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKCU..\Run: [efHhjWihQgMsG] C:\ProgramData\efHhjWihQgMsG.exe (WinTrust) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found O4 - HKCU..\Run: [PlayNC Launcher] File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.popcap.com/webgames/popcaploader_v10_de.cab (PopCapLoader Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.251 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006.09.30 10:08:50 | 000,701,952 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2006.09.30 10:08:50 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2006.09.30 10:08:22 | 000,003,356 | R--- | M] () - E:\autorun.ini -- [ CDFS ] O33 - MountPoints2\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\Shell - "" = AutoRun O33 - MountPoints2\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.25 08:37:54 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.04.25 00:02:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch [2011.04.24 22:22:23 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\efHhjWihQgMsG.exe [2011.04.22 12:21:38 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\The Lord of the Rings Online [2011.04.21 17:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters [2011.04.19 22:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.19 22:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.04.19 21:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.04.16 08:56:50 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701 [2011.04.16 08:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Anno 1701 [2011.04.15 09:17:23 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 09:17:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 09:16:58 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.15 09:16:58 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 09:16:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 09:16:58 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.15 09:16:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 09:16:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 09:16:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.15 09:16:58 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.15 09:16:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.15 09:16:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.15 09:16:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.15 09:16:56 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.15 09:16:56 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.15 09:16:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.15 09:16:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.15 09:16:56 | 000,013,312 
| ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.15 09:16:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.15 09:16:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 09:16:45 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 09:16:37 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 09:16:31 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 09:16:25 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 09:16:25 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.03.29 22:15:01 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\AbelCam [2011.03.29 22:12:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Caphyon [2011.03.29 22:12:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\Seiz System Engineering [2011.03.29 22:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbelCam [2011.03.29 22:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\AbelCam [2011.03.29 22:10:21 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Downloads [2011.03.29 21:55:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam [2011.03.29 21:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2011.03.29 21:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine [2011.03.29 21:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3 [2011.03.28 19:17:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.03.27 23:06:51 | 000,000,000 | ---D | C] 
-- C:\Program Files\T-Home [2011.03.27 23:06:26 | 000,000,000 | -H-D | C] -- C:\Users\***\Desktop\Telekom_Hosting_Manager [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.25 08:39:14 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.25 08:37:58 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2011.04.25 08:35:17 | 000,001,477 | -H-- | M] () -- C:\Users\Public\Documents\hpqp.ini [2011.04.25 08:35:16 | 000,007,592 | -H-- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.04.25 08:35:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.25 08:34:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.04.25 08:34:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.25 08:34:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.25 08:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.25 08:34:27 | 3218,296,832 | -HS- | M] () -- C:\hiberfil.sys [2011.04.25 08:31:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.24 22:37:48 | 000,151,134 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.04.24 22:37:39 | 000,151,134 | -H-- | M] () -- C:\ProgramData\nvModes.dat [2011.04.24 22:22:18 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\efHhjWihQgMsG.exe [2011.04.21 18:59:14 | 000,001,100 | -H-- | M] () -- C:\Users\***\Desktop\TurbineLauncher - Verknüpfung.lnk [2011.04.20 19:53:53 | 000,221,549 | -H-- | M] () -- C:\Users\***\Desktop\image.jpg [2011.04.20 19:50:38 | 000,000,226 | -H-- | M] () -- C:\Users\***\Desktop\Aquarium von Jan S. 
auf Einrichtungsbeispiele.de - Aquarium 2.0.url [2011.04.19 22:04:15 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.16 08:56:50 | 000,001,675 | ---- | M] () -- C:\Users\Public\Desktop\Anno 1701.lnk [2011.04.16 08:56:47 | 000,271,360 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys [2011.04.16 08:56:46 | 000,018,048 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.04.15 16:55:11 | 000,380,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.15 12:09:56 | 000,678,092 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.15 12:09:56 | 000,637,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.15 12:09:56 | 000,147,244 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.15 12:09:56 | 000,120,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe [2011.04.06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll [2011.04.03 22:47:20 | 000,013,161 | -H-- | M] () -- C:\Users\***\Desktop\otterbaby.jpg [2011.04.03 22:47:19 | 000,005,705 | -H-- | M] () -- C:\Users\***\Desktop\fischotter.jpg [2011.03.27 23:06:07 | 005,360,797 | -H-- | M] () -- C:\Users\***\Desktop\Telekom_Hosting_Manager.zip [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 18:59:14 | 000,001,100 | -H-- | C] () -- C:\Users\***\Desktop\TurbineLauncher - Verknüpfung.lnk [2011.04.20 19:58:15 | 000,221,549 | -H-- | C] () -- C:\Users\***\Desktop\image.jpg [2011.04.20 19:42:41 | 000,000,226 | -H-- | C] () -- C:\Users\***\Desktop\Aquarium von Jan S. 
auf Einrichtungsbeispiele.de - Aquarium 2.0.url [2011.04.19 22:04:15 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.16 08:56:50 | 000,001,675 | ---- | C] () -- C:\Users\Public\Desktop\Anno 1701.lnk [2011.04.16 08:56:47 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.04.16 08:56:46 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.04.03 22:47:41 | 000,005,705 | -H-- | C] () -- C:\Users\***\Desktop\fischotter.jpg [2011.04.03 22:47:29 | 000,013,161 | -H-- | C] () -- C:\Users\***\Desktop\otterbaby.jpg [2011.03.27 23:06:03 | 005,360,797 | -H-- | C] () -- C:\Users\***\Desktop\Telekom_Hosting_Manager.zip [2011.03.27 17:59:35 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl [2010.03.13 08:52:37 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.11.24 18:33:28 | 000,007,680 | -H-- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.10 23:18:52 | 000,000,013 | ---- | C] () -- C:\Windows\popcinfo.dat [2009.09.11 19:39:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.11 19:39:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.31 21:33:09 | 000,000,094 | -H-- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2009.02.21 21:09:36 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV51.sys [2009.01.29 19:56:11 | 000,016,098 | -H-- | C] () -- C:\Windows\German2.ini [2009.01.20 16:48:46 | 000,007,592 | -H-- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.11.29 21:05:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.27 01:47:30 | 000,151,134 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2008.09.27 01:47:30 | 000,151,134 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2008.07.02 18:10:15 | 000,678,092 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.07.02 18:10:15 | 000,290,748 | ---- | 
C] () -- C:\Windows\System32\perfi007.dat [2008.07.02 18:10:15 | 000,147,244 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.07.02 18:10:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.07.02 09:51:54 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,380,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,637,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,120,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== [2011.03.29 22:15:01 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\AbelCam [2011.03.29 22:13:10 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo [2011.04.24 22:30:39 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.10.07 20:36:31 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\InternetManager_Z [2010.06.29 20:25:02 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.08.08 20:21:38 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2009.05.31 21:37:47 | 
000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Turbine [2011.04.25 08:33:07 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
_____________________________________________________________
I replaced my user name with ***, as recommended in another thread. I don't know what for, though; you now know everything about my laptop anyway.
______________________________________________________________
Here is the Extras.txt as well:
OTL Extras logfile created on: 25.04.2011 08:39:38 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 223,92 Gb Total Space | 31,99 Gb Free Space | 14,29% Space Free | Partition Type: NTFS Drive D: | 8,96 Gb Total Space | 1,64 Gb Free Space | 18,33% Space Free | Partition Type: NTFS Drive E: | 1,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: LOUNGE | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1C67C9BF-5807-4BC2-8433-18C3AB987EB7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{266AB803-56E7-4D9B-8604-733F3D9386FE}" = rport=445 | protocol=6 | dir=out | app=system | "{28AC50B6-ED1C-4C13-BAAB-7D5317386106}" = rport=138 | protocol=17 | dir=out | app=system | "{2AB7992B-85A8-45B6-AF86-890893FBA6DE}" = rport=139 | protocol=6 | dir=out | app=system | "{49387272-5394-4D14-B2AD-5A71FB77C1D8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4A38AC6A-155E-4FD9-B828-D5DF3DB00021}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5CB26342-473C-436A-818A-D8DC91F8C91D}" = lport=2869 | protocol=6 | dir=in | app=system | "{6319FB9A-112B-4EFD-9529-7266DE7398C3}" = lport=445 | protocol=6 | dir=in | app=system | "{73526175-250A-4798-BAB6-6D82636F8BBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{81D9EB8D-B818-40CA-8AF7-65626D1D2247}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{8B9D0287-A028-4508-975F-FD103196C011}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8FC0F47D-1156-46E6-95E3-E97683609F13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A0F9E7BE-ED91-46DB-9727-903D6DD7FA01}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C20372A9-8ECF-4549-8DE2-07B00117F031}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DB0D54B4-13C1-4FAB-AC3D-09E58F30DF5C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DF55A14A-8CC7-4F6A-B4B1-E109366E5131}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{EAB512E1-EDE4-4A6E-B4B0-19703FBCC6E9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F0D91A4B-BC48-44E9-B550-9135878D7CF7}" = lport=138 | protocol=17 | dir=in | app=system | "{F376B5E7-C11B-4B5C-8EFD-1289D250540A}" = lport=139 | protocol=6 | dir=in | app=system | "{F9E1317B-0C71-4A21-A1FA-26382708CA71}" = rport=137 | protocol=17 | dir=out | app=system | "{FB2E0184-1FE6-4A77-97E1-4A963139FBCD}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FAEB6E-2B9C-4F5A-AFBE-943AA4E7F561}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{016CD43B-4859-4681-93AF-0AB77AE6B019}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{01CEC3F2-3312-4A9B-87A0-0A902380F596}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | "{10D1B838-93B7-47AC-A93C-8B997320E972}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{123C4BCD-2BF7-4C61-AC5E-108D693CEFEA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{150D1EB0-A3FF-45E7-9AE5-47454D83BAF7}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | "{16AD14A6-2CF3-43C3-A0FB-29C019A59269}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{1B0B42C3-A97F-4D64-BBD4-02C98866DFCA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1CDFC45A-62DE-4836-961E-9C26C20974F6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{1E54F11D-FA61-4965-A1F7-EBFFDE45C385}" = protocol=17 | dir=in | app=c:\program 
files\icq7.2\aolload.exe | "{22CB89FC-417A-46CB-9599-D4FEE44C34E4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{243618D8-520D-4A49-94CF-F401B810B020}" = protocol=17 | dir=in | app=c:\spiele\curse\curseclient.exe | "{2D0A948C-F8BC-4EB4-AE10-96E8F4B1DF61}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{2FC616A3-0BCD-4071-B8AB-185F7E742DB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{35D4EE66-5B19-4DB2-B33E-E96F3686E874}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{41D601C3-0928-4948-840E-38DEBDE98A1F}" = protocol=17 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe | "{434B8ED3-E95B-42B9-BB91-7AC93F4FE3BB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{49D037F3-18AD-44AF-91D7-16CFC5BAF2B1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{4DAB1DDD-2463-4114-AAD9-A1DB8D9D916D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4E0CC158-AF03-4C80-A55F-D612A11803F1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{53B8C360-C80E-48AB-8163-4B5CA5AAAC8B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{55A4BE04-2063-4B73-BD1C-7D7FCAB07657}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{5B26465F-4277-451E-ACE1-E8F7FCB525D1}" = protocol=17 | dir=in | app=c:\program files\abelcam\abelcam.exe | "{5D31E69A-09E2-4AD9-8DB0-F27CD8AADAB1}" = protocol=6 | dir=in | app=c:\spiele\curse\curseclient.exe | "{5EB4CA10-393B-41A1-83B6-D27B4455EBEF}" = protocol=17 | dir=in | app=c:\program files\abelcam\abelsvc.exe | "{5F777A5C-DAF8-4DC3-A382-69CE3D9608E7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{60BB5EB0-9C4A-47E9-B119-CC3948845335}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{69A06A00-8138-4BA2-AA7A-B54C303356EF}" = 
protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | "{6A534146-48A6-426D-B0FC-1DF2B36C549D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{79817FA0-639F-4D1B-A765-C7C6F83838B8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | "{7AFC9EE4-A311-4587-B378-39D14A673D84}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe | "{7B801B29-BE82-4584-A6D7-2C903D283A5E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{7BDBC692-916C-4319-A479-2329C4ED8105}" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\launcher.patch.exe | "{83B632F5-577C-42A2-A3F8-94E8487324AC}" = protocol=6 | dir=in | app=c:\program files\abelcam\abelsvc.exe | "{92B98985-0FB2-4F88-A5A8-39B4F4A26058}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{9D50F5AC-CF1D-4C53-AF08-C3475C3202F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9D77C5AB-A677-4DB4-82CA-E776D26B246A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A619F510-808A-4100-B717-241278A59F9A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A8190E13-42F8-44E8-A704-7BFF896CD990}" = protocol=6 | dir=in | app=c:\program files\abelcam\abelcam.exe | "{B000ED6A-9C9C-492D-BB76-7A754BDDC935}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | "{B1505327-9F60-4EBB-9E05-2C87ADEF74BB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B2489612-AB6D-4B8B-B6E8-D3AA5838CD1B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{B45EDF12-3C3B-4022-A0E4-54EDDF4E79CA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{B51F66B5-C229-44A2-8DD8-4E51B9FCEFFD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{BA9D3212-81F7-47EC-B615-22B368D8E716}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe | "{BB36FD35-73A1-4DE6-AFEB-9666B27C60BB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{C38D2D36-F7DA-4D32-AEB3-8026F553B29B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | "{C48CF8FA-C171-44F2-9058-A632D0D311FC}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe | "{C4CA6088-EEB5-44DD-932A-5183BBD8045F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9464-to-3.0.8.9506-dede-downloader.exe | "{C798952F-824E-4ED2-A467-87152F05E515}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CF00AD47-4950-4A30-9FEA-2F830BBE7AA7}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{D0FEEAB3-EAC7-46C0-9651-012B08CA4ED1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E256AFEE-5C2B-49F8-9840-F90356C5D98A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{ECB78326-5C4A-448C-A08A-4528C1555C42}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F229C0D2-A623-4E6F-A564-14BFA2C50791}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{F80F1D10-8D5A-484D-A584-7304FC5C2D97}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{FA410F8B-5E12-446A-9D48-95F7AFAACDD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{0444EFEC-F989-463F-A83A-E096A639D105}C:\spiele\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of 
warcraft\wow-3.3.5.12213-to-3.3.5.12340-dede-downloader.exe | "TCP Query User{1237401D-58A9-4E3D-B16F-23CAAA4C0E46}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | "TCP Query User{206FA17D-1A31-4F5F-AB1E-B939BBDF4D3D}C:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | "TCP Query User{21832A03-4319-4953-A2D8-A44F135CF64E}C:\spiele\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | "TCP Query User{249C92C8-6504-40A6-B009-B5A13127D95E}C:\spiele\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | "TCP Query User{2DBC5C63-BF00-4D66-A12F-2DA16A219E1F}C:\spiele\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | "TCP Query User{3F598F95-0F3F-4BB4-B023-67120892997C}C:\spiele\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | "TCP Query User{4B99EB00-7E52-4475-8069-4F23BA06DEA5}C:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\backgrounddownloader.exe | "TCP Query User{53F43AA9-5297-4245-8A74-73E50D33277C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{61F6ACA7-B2F9-4F6A-9531-C3AD111BACD2}C:\spiele\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\spiele\world of warcraft\blizzard 
[ System Events ]
Error - 24.04.2011 16:51:08 | Computer Name = Lounge | Source = Service Control Manager | ID = 7000 Description =
Error - 24.04.2011 18:09:11 | Computer Name = Lounge | Source = VDS Dynamic Provider | ID = 16908298 Description =
Error - 24.04.2011 18:38:03 | Computer Name = Lounge | Source = VDS Dynamic Provider | ID = 16908298 Description =
Error - 25.04.2011 02:07:15 | Computer Name = Lounge | Source = Service Control Manager | ID = 7000 Description =
Error - 25.04.2011 02:07:47 | Computer Name = Lounge | Source = Service Control Manager | ID = 7022 Description =
Error - 25.04.2011 02:11:57 | Computer Name = Lounge | Source = Service Control Manager | ID = 7009 Description =
Error - 25.04.2011 02:11:58 | Computer Name = Lounge | Source = Service Control Manager | ID = 7000 Description =
Error - 25.04.2011 02:36:05 | Computer Name = Lounge | Source = Service Control Manager | ID = 7000 Description =
Error - 25.04.2011 02:36:15 | Computer Name = Lounge | Source = Service Control Manager | ID = 7022 Description =
Error - 25.04.2011 02:42:05 | Computer Name = Lounge | Source = Service Control Manager | ID = 7022 Description =
< End of report >
______________________________________________________________
Since yesterday I have not started any program or anything else, insofar as any were still there. There is a second computer on the network, but I don't dare switch it on. Can anything happen to it? I don't have my operating system CD at the moment; my ex took it along when moving out, and I would only get it back in a few days. For that reason, and above all because I had a lot of photos on the laptop, I would actually prefer a recovery. After that I would back up the files and could then reinstall, if it all works the way I imagine. What else do you need from me? As I said, I know very little about this... Thank you very much for your professional help. What more can I do in future to avoid something like this? Karfunkel |
25.04.2011, 16:02 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.mekml.1 since yesterday evening Are there any further logs from Malwarebytes? If so, please post all of those that are visible in Malwarebytes under the log files tab ("Logdateien").
25.04.2011, 18:17 | #3 |
| Kazy.mekml.1 since yesterday evening Hello Cosinus, thank you for your help. I installed Malwarebytes, scanned for almost two hours, and here is the log file:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6441
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
25.04.2011 19:13:25
mbam-log-2011-04-25 (19-13-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 350084
Laufzeit: 1 Stunde(n), 37 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efHhjWihQgMsG (Trojan.FakeAlert) -> Value: efHhjWihQgMsG -> No action taken.
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\efhhjwihqgmsg.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\***\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> No action taken.
Best regards Karfunkel |
25.04.2011, 20:36 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.mekml.1 since yesterday evening Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
PRC - C:\ProgramData\efHhjWihQgMsG.exe (WinTrus
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.30 10:08:50 | 000,701,952 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.09.30 10:08:50 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006.09.30 10:08:22 | 000,003,356 | R--- | M] () - E:\autorun.ini -- [ CDFS ]
O33 - MountPoints2\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\Shell - "" = AutoRun
O33 - MountPoints2\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O4 - HKCU..\Run: [efHhjWihQgMsG] C:\ProgramData\efHhjWihQgMsG.exe (WinTrust)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
:Files
C:\ProgramData\~*
C:\ProgramData\efHhjWihQgMsG.exe
C:\Users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".
__________________ Please always post log files in CODE tags |
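An added example, not part of the original thread: a small triage script that reads the `O4` Run-key lines from the fix script above and cross-checks them against the file hits in the Malwarebytes log from post #3. The function names are hypothetical, the sample lines are copied from the thread, and the `SynTPEnh` line is constructed for contrast.

```python
import ntpath
import re

# O4 lines as posted in the fix script; the last line is constructed (benign contrast).
SAMPLE_O4 = [
    r"O4 - HKCU..\Run: [efHhjWihQgMsG] C:\ProgramData\efHhjWihQgMsG.exe (WinTrust)",
    r"O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found",
    r"O4 - HKCU..\Run: [PlayNC Launcher] File not found",
    r"O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)",
]

# Detection lines as posted in the Malwarebytes log (post #3).
SAMPLE_MBAM = [
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\efHhjWihQgMsG (Trojan.FakeAlert) -> Value: efHhjWihQgMsG -> No action taken.",
    r"c:\programdata\efhhjwihqgmsg.exe (Trojan.FakeAlert) -> No action taken.",
    r"c:\Users\***\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> No action taken.",
]

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>.+?)\] (?P<target>.+)$")
# Path followed by an optional trailing "(publisher)"; the path itself may contain parentheses.
TARGET_RE = re.compile(r"^(?P<path>.+?)(?: \((?P<publisher>[^()]*)\))?$")
# Only file hits start with a drive letter; registry hits start with HKEY_ and are skipped.
MBAM_FILE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")


def parse_o4(line):
    """Split one OTL O4 Run line into hive, value name, path and publisher."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = {"hive": m["hive"], "name": m["name"], "path": None, "publisher": None}
    if m["target"] != "File not found":
        t = TARGET_RE.match(m["target"])
        entry["path"], entry["publisher"] = t["path"], t["publisher"]
    return entry


def parse_mbam_files(lines):
    """Map case-normalised file path -> detection name for file hits in an MBAM log."""
    hits = {}
    for line in lines:
        m = MBAM_FILE_RE.match(line.strip())
        if m:
            hits[ntpath.normcase(m["path"])] = m["detection"]
    return hits


def triage(o4_lines, mbam_lines):
    """Return (value name, verdict, reasons) for each autostart entry."""
    detections = parse_mbam_files(mbam_lines)
    results = []
    for line in o4_lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        if entry["path"] is None:
            # The Run value survives but its file is gone: leftover, not active.
            results.append((entry["name"], "stale", ["target file not found"]))
            continue
        # OTL prints the path in mixed case, Malwarebytes in lower case,
        # so both sides are normalised before comparing.
        path = ntpath.normcase(entry["path"])
        folder = ntpath.dirname(path)
        reasons = []
        if path in detections:
            reasons.append("scanner hit: " + detections[path])
        if folder == r"c:\programdata" or "temp" in folder.split("\\"):
            reasons.append("runs from a location writable without admin rights")
            if entry["hive"] == "HKCU":
                reasons.append("per-user Run value: persistence needed no elevation")
        results.append((entry["name"], "suspicious" if reasons else "ok", reasons))
    return results


if __name__ == "__main__":
    for name, verdict, reasons in triage(SAMPLE_O4, SAMPLE_MBAM):
        print(f"{verdict:10} {name}: {'; '.join(reasons) or '-'}")
```

The location check is a triage signal only; legitimate software also starts from user-writable folders, so a hit narrows what to inspect rather than proving infection.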
25.04.2011, 20:49 | #5 |
| Kazy.mekml.1 since yesterday evening Hello Cosinus, I did that. After pressing the "Fix" button I get: OTL Cannot create file C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ylzkqkpy.default\prefs.js. Regards Karfunkel |
25.04.2011, 20:55 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.mekml.1 since yesterday evening Try it with this fix script: Code:
:OTL
PRC - C:\ProgramData\efHhjWihQgMsG.exe (WinTrus
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.30 10:08:50 | 000,701,952 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.09.30 10:08:50 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006.09.30 10:08:22 | 000,003,356 | R--- | M] () - E:\autorun.ini -- [ CDFS ]
O33 - MountPoints2\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\Shell - "" = AutoRun
O33 - MountPoints2\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O4 - HKCU..\Run: [efHhjWihQgMsG] C:\ProgramData\efHhjWihQgMsG.exe (WinTrust)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
:Files
C:\ProgramData\~*
C:\ProgramData\efHhjWihQgMsG.exe
C:\Users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
:Commands
[purity]
[resethosts]
[emptytemp]
25.04.2011, 21:22 | #7 |
| Kazy.mekml.1 since yesterday evening So, after OTL I now got the message: The system needs a restart to delete the files permanently. Now I have a white screen, and this message came up at startup: Otherwise no changes

All processes killed
========== OTL ==========
No active process named efHhjWihQgMsG.exe was found!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.ini scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e47efd9-c6ee-11dd-b3cc-001e68f69747}\ not found.
File F:\LaunchU3.exe -a not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\efHhjWihQgMsG not found.
File C:\ProgramData\efHhjWihQgMsG.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher not found.
========== FILES ==========
File\Folder C:\ProgramData\~* not found.
File\Folder C:\ProgramData\efHhjWihQgMsG.exe not found.
File\Folder C:\Users\matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 206299445 bytes
->Temporary Internet Files folder emptied: 163017697 bytes
->Java cache emptied: 74056446 bytes
->FireFox cache emptied: 71517256 bytes
->Flash cache emptied: 45099 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1520442055 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.941,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04252011_220959
Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.ini scheduled to be moved on reboot.
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YBTQJITS\ads[1].htm not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HNOQKRWI\98073-kazy-mekml-1-seit-gestern-abend[1].html not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DLRAKGO\ads[1].htm not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DLRAKGO\cm[1].htm not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DLRAKGO\search[1] not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DLRAKGO\search[1].htm not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DLRAKGO\search[2] not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DLRAKGO\search[3] not found!
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0DLRAKGO\search[4] not found!
Registry entries deleted on Reboot...

Regards, Karfunkel |
26.04.2011, 09:21 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.mekml.1 since yesterday evening Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection prevents you from accessing your documents / My Documents, please run unhide: Please download unhide.exe and save this file to your desktop. Start the tool, and all files and folders should be visible again. (This could take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
26.04.2011, 17:32 | #9 |
| Kazy.mekml.1 seit gestern abend Hallo und guten Abend, hier der Report vom TDSSKiller von Kaspersky: 2011/04/26 18:26:06.0190 6072 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/26 18:26:06.0375 6072 ================================================================================ 2011/04/26 18:26:06.0376 6072 SystemInfo: 2011/04/26 18:26:06.0376 6072 2011/04/26 18:26:06.0376 6072 OS Version: 6.0.6002 ServicePack: 2.0 2011/04/26 18:26:06.0376 6072 Product type: Workstation 2011/04/26 18:26:06.0376 6072 ComputerName: LOUNGE 2011/04/26 18:26:06.0376 6072 UserName: *** 2011/04/26 18:26:06.0376 6072 Windows directory: C:\Windows 2011/04/26 18:26:06.0376 6072 System windows directory: C:\Windows 2011/04/26 18:26:06.0376 6072 Processor architecture: Intel x86 2011/04/26 18:26:06.0376 6072 Number of processors: 2 2011/04/26 18:26:06.0376 6072 Page size: 0x1000 2011/04/26 18:26:06.0376 6072 Boot type: Normal boot 2011/04/26 18:26:06.0376 6072 ================================================================================ 2011/04/26 18:26:06.0772 6072 Initialize success 2011/04/26 18:26:16.0614 1932 ================================================================================ 2011/04/26 18:26:16.0614 1932 Scan started 2011/04/26 18:26:16.0614 1932 Mode: Manual; 2011/04/26 18:26:16.0614 1932 ================================================================================ 2011/04/26 18:26:19.0040 1932 Accelerometer (aef9ee4451d5c46370142cb06d0f3591) C:\Windows\system32\DRIVERS\Accelerometer.sys 2011/04/26 18:26:19.0192 1932 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/04/26 18:26:19.0261 1932 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/04/26 18:26:19.0402 1932 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/04/26 18:26:19.0471 1932 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/04/26 
18:26:19.0515 1932 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/04/26 18:26:19.0702 1932 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys 2011/04/26 18:26:19.0837 1932 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/04/26 18:26:19.0898 1932 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/26 18:26:19.0990 1932 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/04/26 18:26:20.0107 1932 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/04/26 18:26:20.0175 1932 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/04/26 18:26:20.0220 1932 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/04/26 18:26:20.0324 1932 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 2011/04/26 18:26:20.0490 1932 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/04/26 18:26:20.0550 1932 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/04/26 18:26:20.0656 1932 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/26 18:26:20.0780 1932 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/04/26 18:26:20.0884 1932 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys 2011/04/26 18:26:20.0940 1932 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/26 18:26:21.0060 1932 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/04/26 18:26:21.0146 1932 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys 2011/04/26 18:26:21.0262 1932 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/26 
18:26:21.0337 1932 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/04/26 18:26:21.0421 1932 BMLoad (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys 2011/04/26 18:26:21.0836 1932 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/26 18:26:21.0972 1932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/04/26 18:26:22.0020 1932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/04/26 18:26:22.0091 1932 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/04/26 18:26:22.0215 1932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/04/26 18:26:22.0261 1932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/04/26 18:26:22.0339 1932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/04/26 18:26:22.0402 1932 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/04/26 18:26:22.0470 1932 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/26 18:26:22.0595 1932 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/26 18:26:22.0651 1932 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys 2011/04/26 18:26:22.0768 1932 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/04/26 18:26:22.0924 1932 clwvd (cfdfdd4fef7bb9ab7f79dbd1da93f007) C:\Windows\system32\DRIVERS\clwvd.sys 2011/04/26 18:26:22.0997 1932 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/26 18:26:23.0116 1932 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/04/26 18:26:23.0146 1932 Compbatt (6afef0b60fa25de07c0968983ee4f60a) 
C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/26 18:26:23.0241 1932 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/04/26 18:26:23.0415 1932 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/04/26 18:26:23.0522 1932 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys 2011/04/26 18:26:23.0732 1932 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/04/26 18:26:23.0832 1932 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/04/26 18:26:24.0092 1932 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/26 18:26:24.0177 1932 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/04/26 18:26:24.0349 1932 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/04/26 18:26:24.0461 1932 ElgTaDrv (b687f79cb390e103af36dcbb5c417044) C:\Windows\system32\Drivers\ElgTaDrv.sys 2011/04/26 18:26:24.0526 1932 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/04/26 18:26:24.0602 1932 enecir (4cd6b056c5fd9e97c06fe74c81479517) C:\Windows\system32\DRIVERS\enecir.sys 2011/04/26 18:26:24.0751 1932 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/04/26 18:26:24.0918 1932 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/04/26 18:26:25.0073 1932 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/04/26 18:26:25.0162 1932 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/26 18:26:25.0221 1932 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/04/26 18:26:25.0365 1932 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/04/26 18:26:25.0412 1932 flpydisk 
(85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/26 18:26:25.0510 1932 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/04/26 18:26:25.0703 1932 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/26 18:26:25.0750 1932 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/04/26 18:26:25.0943 1932 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2011/04/26 18:26:26.0024 1932 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/04/26 18:26:26.0133 1932 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/26 18:26:26.0218 1932 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/04/26 18:26:26.0324 1932 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys 2011/04/26 18:26:26.0461 1932 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/26 18:26:26.0531 1932 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/04/26 18:26:26.0687 1932 hpdskflt (64637b65c90df48c94bb9346afb3ac61) C:\Windows\system32\DRIVERS\hpdskflt.sys 2011/04/26 18:26:26.0776 1932 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 2011/04/26 18:26:26.0847 1932 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys 2011/04/26 18:26:26.0969 1932 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/04/26 18:26:27.0058 1932 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2011/04/26 18:26:27.0293 1932 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/04/26 18:26:27.0336 1932 i2omp (c6b032d69650985468160fc9937cf5b4) 
C:\Windows\system32\drivers\i2omp.sys 2011/04/26 18:26:27.0483 1932 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/26 18:26:27.0569 1932 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys 2011/04/26 18:26:27.0708 1932 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 2011/04/26 18:26:27.0797 1932 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/04/26 18:26:27.0925 1932 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 2011/04/26 18:26:27.0967 1932 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/26 18:26:28.0044 1932 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/26 18:26:28.0237 1932 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 2011/04/26 18:26:28.0328 1932 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/04/26 18:26:28.0394 1932 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/04/26 18:26:28.0505 1932 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 2011/04/26 18:26:28.0731 1932 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/26 18:26:28.0839 1932 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/04/26 18:26:28.0900 1932 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/04/26 18:26:29.0071 1932 JMCR (858c550ebbd243826a2193262c1b54a3) C:\Windows\system32\DRIVERS\jmcr.sys 2011/04/26 18:26:29.0152 1932 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/26 18:26:29.0286 1932 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/26 18:26:29.0468 1932 KSecDD 
(86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/26 18:26:29.0628 1932 LEqdUsb (ed8f9311cae12c41a58dae2ea6d6c849) C:\Windows\system32\Drivers\LEqdUsb.Sys 2011/04/26 18:26:29.0768 1932 LHidEqd (9943f10c60eaf714c7010b37025a5ac5) C:\Windows\system32\Drivers\LHidEqd.Sys 2011/04/26 18:26:29.0898 1932 LHidFilt (b68309f25c5787385da842eb5b496958) C:\Windows\system32\DRIVERS\LHidFilt.Sys 2011/04/26 18:26:30.0041 1932 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys 2011/04/26 18:26:30.0116 1932 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/26 18:26:30.0247 1932 LMouFilt (63d3b1d3cd267fcc186a0146b80d453b) C:\Windows\system32\DRIVERS\LMouFilt.Sys 2011/04/26 18:26:30.0357 1932 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys 2011/04/26 18:26:30.0405 1932 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys 2011/04/26 18:26:30.0479 1932 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys 2011/04/26 18:26:30.0675 1932 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/04/26 18:26:30.0873 1932 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys 2011/04/26 18:26:30.0929 1932 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys 2011/04/26 18:26:31.0056 1932 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys 2011/04/26 18:26:31.0261 1932 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/04/26 18:26:31.0319 1932 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/26 18:26:31.0421 1932 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/26 18:26:31.0466 1932 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 
2011/04/26 18:26:31.0663 1932 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/04/26 18:26:31.0780 1932 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys 2011/04/26 18:26:32.0018 1932 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/26 18:26:32.0103 1932 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/04/26 18:26:32.0174 1932 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/26 18:26:32.0292 1932 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/26 18:26:32.0369 1932 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/26 18:26:32.0442 1932 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/26 18:26:32.0615 1932 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys 2011/04/26 18:26:32.0851 1932 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 2011/04/26 18:26:32.0951 1932 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/04/26 18:26:33.0028 1932 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/04/26 18:26:33.0274 1932 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/26 18:26:33.0357 1932 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/26 18:26:33.0506 1932 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/04/26 18:26:34.0011 1932 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/04/26 18:26:34.0219 1932 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/26 18:26:34.0464 1932 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) 
C:\Windows\system32\drivers\MSTEE.sys 2011/04/26 18:26:34.0715 1932 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/04/26 18:26:34.0936 1932 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/26 18:26:35.0064 1932 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/04/26 18:26:35.0182 1932 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/26 18:26:35.0364 1932 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/26 18:26:35.0553 1932 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/26 18:26:35.0799 1932 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/04/26 18:26:35.0870 1932 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/26 18:26:35.0977 1932 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/26 18:26:36.0324 1932 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys 2011/04/26 18:26:36.0495 1932 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/04/26 18:26:36.0762 1932 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/04/26 18:26:37.0037 1932 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\Windows\system32\npptNT2.sys 2011/04/26 18:26:37.0131 1932 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/26 18:26:37.0259 1932 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/04/26 18:26:37.0497 1932 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/04/26 18:26:37.0641 1932 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/04/26 18:26:37.0994 1932 NVENETFD 
(1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys 2011/04/26 18:26:38.0280 1932 NVHDA (f972dc046c374a9e02f2dfbe74ebb203) C:\Windows\system32\drivers\nvhda32v.sys 2011/04/26 18:26:38.0936 1932 nvlddmkm (cef89ad9aaabf89c9c36c65adc62f1ed) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/04/26 18:26:39.0405 1932 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 2011/04/26 18:26:39.0503 1932 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 2011/04/26 18:26:39.0765 1932 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 2011/04/26 18:26:40.0173 1932 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/26 18:26:40.0282 1932 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/04/26 18:26:40.0445 1932 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/04/26 18:26:41.0022 1932 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/04/26 18:26:41.0137 1932 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/04/26 18:26:41.0184 1932 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 2011/04/26 18:26:41.0231 1932 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/04/26 18:26:41.0306 1932 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/04/26 18:26:41.0428 1932 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/26 18:26:41.0492 1932 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 2011/04/26 18:26:41.0585 1932 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/26 18:26:41.0692 1932 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys 2011/04/26 
18:26:41.0766 1932 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/04/26 18:26:41.0823 1932 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/26 18:26:42.0066 1932 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/26 18:26:42.0145 1932 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/26 18:26:42.0224 1932 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/26 18:26:42.0299 1932 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/26 18:26:42.0415 1932 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/26 18:26:42.0576 1932 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/26 18:26:42.0654 1932 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 2011/04/26 18:26:42.0754 1932 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/26 18:26:42.0856 1932 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/04/26 18:26:42.0927 1932 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/26 18:26:43.0025 1932 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys 2011/04/26 18:26:43.0222 1932 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/04/26 18:26:43.0332 1932 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 2011/04/26 18:26:43.0378 1932 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/04/26 18:26:43.0431 1932 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/04/26 18:26:43.0566 1932 Serial (c70d69a918b178d3c3b06339b40c2e1b) 
C:\Windows\system32\drivers\serial.sys 2011/04/26 18:26:43.0625 1932 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/04/26 18:26:43.0767 1932 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 2011/04/26 18:26:43.0862 1932 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 2011/04/26 18:26:44.0042 1932 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 2011/04/26 18:26:44.0312 1932 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/04/26 18:26:44.0412 1932 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 2011/04/26 18:26:44.0516 1932 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 2011/04/26 18:26:44.0671 1932 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 2011/04/26 18:26:44.0962 1932 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/04/26 18:26:45.0061 1932 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/04/26 18:26:45.0176 1932 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys 2011/04/26 18:26:45.0177 1932 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: 71e276f6d189413266ea22171806597b 2011/04/26 18:26:45.0182 1932 sptd - detected Locked file (1) 2011/04/26 18:26:45.0289 1932 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/04/26 18:26:45.0399 1932 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys 2011/04/26 18:26:45.0563 1932 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys 2011/04/26 18:26:46.0079 1932 SSHDRV51 (4217f2b8957c7e82e2a08d16bf4267cf) C:\Windows\system32\drivers\SSHDRV51.sys 2011/04/26 18:26:46.0143 1932 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/04/26 18:26:46.0249 1932 STHDA (21cc262ab5f42f7a6b91dc7304c2f267) C:\Windows\system32\DRIVERS\stwrt.sys 2011/04/26 18:26:46.0344 1932 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/04/26 18:26:46.0519 1932 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/04/26 18:26:46.0611 1932 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/04/26 18:26:46.0673 1932 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/04/26 18:26:46.0725 1932 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys 2011/04/26 18:26:46.0930 1932 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/04/26 18:26:47.0130 1932 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/04/26 18:26:47.0352 1932 tcpipBM (74905ebcbb8cbdb1f3c0b1778bbcb4bc) C:\Windows\system32\drivers\tcpipBM.sys 2011/04/26 18:26:47.0524 1932 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/04/26 18:26:47.0696 1932 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/04/26 18:26:47.0829 1932 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/04/26 
18:26:48.0002 1932 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/04/26 18:26:48.0116 1932 TelekomNM3 (5d528200679c3b4595b4237e02c077d5) C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys 2011/04/26 18:26:48.0340 1932 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/04/26 18:26:48.0519 1932 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/04/26 18:26:48.0587 1932 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/04/26 18:26:48.0787 1932 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/04/26 18:26:48.0933 1932 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 2011/04/26 18:26:49.0115 1932 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/04/26 18:26:49.0351 1932 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 2011/04/26 18:26:49.0451 1932 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 2011/04/26 18:26:49.0493 1932 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/04/26 18:26:49.0598 1932 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/04/26 18:26:49.0755 1932 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/04/26 18:26:49.0912 1932 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 2011/04/26 18:26:50.0140 1932 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/04/26 18:26:50.0303 1932 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/04/26 18:26:50.0486 1932 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/04/26 18:26:50.0623 1932 usbhub (4673bbcb006af60e7abddbe7a130ba42) 
C:\Windows\system32\DRIVERS\usbhub.sys 2011/04/26 18:26:50.0774 1932 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys 2011/04/26 18:26:50.0922 1932 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/04/26 18:26:51.0090 1932 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/04/26 18:26:51.0276 1932 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/04/26 18:26:51.0425 1932 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 2011/04/26 18:26:51.0549 1932 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/04/26 18:26:51.0832 1932 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/04/26 18:26:52.0034 1932 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 2011/04/26 18:26:52.0244 1932 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 2011/04/26 18:26:52.0486 1932 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 2011/04/26 18:26:52.0657 1932 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/04/26 18:26:52.0863 1932 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/04/26 18:26:53.0077 1932 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/04/26 18:26:53.0279 1932 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 2011/04/26 18:26:53.0503 1932 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/04/26 18:26:53.0743 1932 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/26 18:26:53.0759 1932 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/04/26 18:26:54.0015 1932 Wd 
2011/04/26 18:26:55.0637 1932 ================================================================================
2011/04/26 18:26:55.0637 1932 Scan finished
2011/04/26 18:26:55.0637 1932 ================================================================================
2011/04/26 18:26:55.0648 0308 Detected object count: 1
2011/04/26 18:27:24.0184 0308 Locked file(sptd) - User select action: Skip

All clean. A restart should follow after that. I'm doing that now. After that, the repeat malware scan. See you shortly |
26.04.2011, 17:45 | #10 |
| Kazy.mekml.1 since yesterday evening Me again. Here is the quick scan. Should I also run a full scan?

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6441
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
26.04.2011 18:42:42
mbam-log-2011-04-26 (18-42-42).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152047
Laufzeit: 2 Minute(n), 55 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)

Now I'll try out unhide. Many thanks in advance, Karfunkel |
26.04.2011, 17:55 | #11 |
| Kazy.mekml.1 since yesterday evening Wow, THANK YOU!!!! Everything seems to be back. Oh, I'm so grateful to you! I'm going to back everything up now and then reinstall; then any possible remnants should be gone, right? Thank you, thank you, thank you for your help |
26.04.2011, 18:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.mekml.1 since yesterday evening We're not done yet!! Please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post log files in CODE tags |
26.04.2011, 20:03 | #13 |
| Kazy.mekml.1 since yesterday evening OK, good, then I'll carry on. ComboFix downloaded, CCleaner run, ComboFix executed; here is the log file: Combofix Logfile: Code:
ATTFilter ComboFix 11-04-25.03 - Nicole 26.04.2011 20:32:46.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3068.1675 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Downloaded Program Files\popcaploader.dll c:\windows\Downloaded Program Files\popcaploader.inf . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_usnjsvc . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-26 bis 2011-04-26 )))))))))))))))))))))))))))))) . . 2011-04-26 18:41 . 2011-04-26 18:45 -------- d-----w- c:\users\***\AppData\Local\temp 2011-04-26 18:41 . 2011-04-26 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-26 18:24 . 2011-04-26 18:24 -------- d-----w- c:\program files\CCleaner 2011-04-26 16:05 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCBD429F-36CC-4855-A4C6-8C43E4BF1C39}\mpengine.dll 2011-04-25 19:46 . 2011-04-25 19:46 -------- d-----w- C:\_OTL 2011-04-25 15:13 . 2011-04-25 15:13 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2011-04-25 15:13 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-25 15:13 . 2011-04-25 15:13 -------- d-----w- c:\programdata\Malwarebytes 2011-04-25 15:13 . 2011-04-25 17:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-25 15:13 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-24 22:02 . 2011-04-24 22:02 -------- d-----w- c:\programdata\WindowsSearch 2011-04-22 10:21 . 
2011-04-22 10:21 -------- d-----w- c:\users\***\AppData\Local\The Lord of the Rings Online 2011-04-21 15:12 . 2011-04-21 15:12 -------- d-----w- c:\program files\Codemasters 2011-04-19 20:03 . 2011-04-19 20:03 -------- d-----w- c:\program files\iPod 2011-04-19 19:58 . 2011-04-19 19:58 -------- d-----w- c:\program files\Bonjour 2011-04-16 06:56 . 2011-04-16 06:56 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys 2011-04-16 06:56 . 2011-04-16 06:56 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2011-04-16 06:51 . 2011-04-16 06:56 -------- d-----w- c:\program files\Anno 1701 2011-04-16 06:50 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll 2011-04-16 06:50 . 2011-04-16 06:50 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll 2011-04-16 06:50 . 2011-04-16 06:50 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll 2011-04-16 06:50 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll 2011-04-16 06:50 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll 2011-04-16 06:50 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll 2011-04-16 06:50 . 2005-11-13 21:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe 2011-04-15 07:17 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-04-15 07:17 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-29 20:15 . 
2011-03-29 20:15 -------- d-----w- c:\users\***\AppData\Roaming\AbelCam 2011-03-29 20:12 . 2011-03-29 20:12 -------- d-----w- c:\programdata\Caphyon 2011-03-29 20:12 . 2011-03-29 20:12 -------- d-----w- c:\program files\AbelCam 2011-03-29 20:12 . 2011-03-29 20:12 -------- d-----w- c:\programdata\Seiz System Engineering 2011-03-29 19:07 . 2011-03-29 19:07 -------- d-----w- c:\program files\Conduit 2011-03-29 19:07 . 2011-03-29 19:07 -------- d-----w- c:\program files\softonic-de3 2011-03-28 17:17 . 2011-04-19 20:04 -------- d-----w- c:\program files\iTunes 2011-03-27 21:06 . 2011-03-27 21:06 -------- d-----w- c:\program files\T-Home . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-20 15:59 . 2010-11-09 21:44 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-22 14:13 . 2011-03-23 18:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-23 18:50 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-23 18:50 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-02-18 14:36 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-02-02 20:40 . 2010-04-24 05:27 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-02 16:11 . 2009-10-02 15:51 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-03-18 17:56 . 2011-03-24 20:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000] . 
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-11-13 19:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] 2010-11-13 19:58 3913000 ----a-w- c:\program files\softonic-de3\tbsoft.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000] . [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\program files\softonic-de3\tbsoft.dll" [2010-11-13 3913000] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000] . [HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-08-20 136488] "YouCam Tray"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2010-08-20 162912] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160] . 
c:\users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2010-1-24 0] Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2010-11-10 1619968] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ MCtlSvc.lnk - c:\program files\T-Mobile\InternetManager_Z\Bin\mcserver.exe [2010-10-7 88576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate1c996704519eb37;Google Update Service (gupdate1c996704519eb37);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 133104] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840] R3 ElgTaDrv;T-Concept X USB System Driver;c:\windows\system32\Drivers\ElgTaDrv.sys [2002-07-15 73660] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2010-03-18 40912] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2010-03-18 10448] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-11-24 9216] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-08-30 3407412] R3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [2010-09-16 35040] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 13184] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-02 717296] S1 SSHDRV51;SSHDRV51;c:\windows\system32\drivers\SSHDRV51.sys [2009-02-21 21504] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880] S2 Recovery Service for Windows;Recovery Service for 
Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-20 27632] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296] S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners . 2011-04-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-24 20:37] . 2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 11:08] . 2011-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 11:08] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ylzkqkpy.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe AddRemove-3DWunschhausPlusVA.Exe - c:\programme\BHV\VirtualArchitecture\WunschhausPlus\Uninstall.exe . . . ************************************************************************** Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-26 20:53:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-04-26 18:52
.
Vor Suchlauf: 15 Verzeichnis(se), 37.662.470.144 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 37.065.236.480 Bytes frei
.
- - End Of File - - 653170EA119D46757D3B28AEE5BB0046

Regards, Karfunkel |
27.04.2011, 09:33 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kazy.mekml.1 since yesterday evening OK. Now please create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool refuses to work on the second attempt as well, just leave it out and run only OSAM - please skip OSAM's online check. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
27.04.2011, 17:08 | #15 |
| Kazy.mekml.1 since yesterday evening Good evening, GMER crashed twice. OSAM: OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:04:57 on 27.04.2011 OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." 
- C:\Windows\System32\drivers\BMLoad.sys "Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys "catchme" (catchme) - ? - C:\cofi\catchme.sys (File not found) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LHidFilt.Sys "Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LMouFilt.Sys "Logitech SetPoint Unifying KMDF HID Filter" (LHidEqd) - "Logitech, Inc." - C:\Windows\System32\Drivers\LHidEqd.Sys "Logitech SetPoint Unifying KMDF USB Filter" (LEqdUsb) - "Logitech, Inc." - C:\Windows\System32\Drivers\LEqdUsb.Sys "NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\Windows\system32\npptNT2.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "SSHDRV51" (SSHDRV51) - ? 
- C:\Windows\system32\drivers\SSHDRV51.sys (File found, but it contains no detailed information) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "T-Concept X USB System Driver" (ElgTaDrv) - "elmeg Kommunikationstechnik" - C:\Windows\System32\Drivers\ElgTaDrv.sys "Telekom Netzmanager Packet Filter Driver" (TelekomNM3) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - 
"Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? 
- (File not found | COM-object registry key not found) {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and here is the MBR document

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv5 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 203):

Processes (total 91):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`fac00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2250BHG2, Rev: 8909

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Regards, Karfunkel |