Jump to content

mats_mats

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. mats_mats
    The clean-up worked as well, thank you very much!!! All systems go!!! You are the best!!
  2. mats_mats

    You are AWESOME!! Thanks so much for your time!!!

  3. mats_mats
    ok, now it's working! I adjusted some privileges in the controls panel, which must have been somewhat alterded during the process,....
  4. mats_mats
    the e:\ drive is the second partition of my main harddisk. I have c:\ as my programs partition (e.g. for Windows, MS Office, etc.) and e:\ for my files like pictures, sound files, videos, etc.
  5. mats_mats
    Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.20.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Mats :: MATS-PC [Administrator] Schutz: Aktiviert 20.07.2012 17:27:12 mbam-log-2012-07-20 (17-27-12).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211195 Laufzeit: 3 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Computer is running well overall, but I do not have access to my drive E:\ anymore, if I want to save files for example from MS Word! It asks me if I want to save in mypictures on drive c: instead! I can save anywhere on drive c: but not on e: must have to do with the registry files I deleted,... What can I do?
  6. mats_mats
    No, I deleted those: [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Mats\AppData\Local\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\n.) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND the combofix log: ComboFix 12-07-20.02 - Mats 20.07.2012 17:02:13.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.43.1031.18.4095.2616 [GMT 2:00] ausgeführt von:: c:\users\Mats\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-20 bis 2012-07-20 )))))))))))))))))))))))))))))) . . 2012-07-20 15:07 . 2012-07-20 15:07 -------- d-----w- c:\users\Wildcat\AppData\Local\temp 2012-07-20 15:07 . 2012-07-20 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-18 18:37 . 2012-07-18 18:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-17 20:27 . 2012-07-17 20:27 -------- d-----w- c:\program files (x86)\Emsisoft HiJackFree 2012-07-17 20:02 . 2012-07-17 20:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-09 15:46 . 2012-07-09 15:46 -------- d-----w- c:\users\Mats\AppData\Roaming\Diercke Globus Online 2012-07-09 15:46 . 2012-07-09 15:46 947517 ----a-w- c:\windows\Diercke Globus Online Uninstaller.exe 2012-07-09 15:46 . 2012-07-09 15:46 -------- d-----w- c:\program files (x86)\ImagonShared 2012-07-09 15:46 . 2012-07-09 15:46 -------- d-----w- c:\program files (x86)\Diercke Globus Online 2012-07-09 15:39 . 2012-07-09 15:39 -------- d-----w- c:\programdata\ATI 2012-07-09 15:39 . 2012-07-09 15:39 -------- d-----w- c:\program files (x86)\AMD APP 2012-07-09 09:44 . 2012-07-09 09:44 -------- d-----w- c:\users\Mats\AppData\Roaming\Malwarebytes 2012-07-09 01:15 . 2012-07-09 01:15 -------- d-----w- c:\users\Wildcat\AppData\Roaming\Malwarebytes 2012-07-09 01:14 . 2012-07-09 01:14 -------- d-----w- c:\programdata\Malwarebytes 2012-07-09 01:14 . 2012-07-13 08:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-09 01:14 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-08 23:56 . 2012-07-08 23:56 -------- d-----w- c:\users\Wildcat\AppData\Roaming\Nero 2012-07-08 17:55 . 2012-07-08 17:59 -------- d-----w- c:\users\Wildcat\AppData\Local\Google 2012-07-08 17:55 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-07-08 17:55 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-07-08 17:55 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-07-08 17:55 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-07-08 17:54 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-07-08 17:54 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-07-08 17:54 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-07-08 17:54 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr 2012-07-08 17:54 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-07-08 17:54 . 2012-07-08 17:54 -------- d-----w- c:\programdata\AVAST Software 2012-07-08 17:54 . 2012-07-08 17:54 -------- d-----w- c:\program files\AVAST Software 2012-07-08 10:01 . 2012-07-08 18:27 -------- d-----w- c:\users\Mats\AppData\Roaming\Logef 2012-07-05 21:34 . 2012-07-05 21:34 -------- d-----w- c:\users\Mats\dwhelper 2012-06-27 22:26 . 2012-06-27 22:26 -------- d-----w- c:\program files\Windows Live 2012-06-23 13:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 13:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 13:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 13:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 13:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 13:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 13:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 13:41 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 13:41 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-18 18:37 . 2012-05-05 13:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll 2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll 2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-06-11 17:24 . 2011-12-06 03:17 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-06-11 17:23 . 2011-12-06 03:16 1090560 ----a-w- c:\windows\system32\aticfx64.dll 2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe 2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-06-11 17:16 . 2011-12-06 03:06 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-06-11 17:01 . 2011-12-06 02:51 6914560 ----a-w- c:\windows\system32\atidxx64.dll 2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll 2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll 2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll 2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-06-11 16:25 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-06-11 16:25 . 2011-12-06 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll 2012-06-11 16:24 . 2012-02-15 02:12 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-06-11 11:50 . 2012-06-11 11:50 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-06-11 11:50 . 2012-06-11 11:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-06-11 11:50 . 2012-06-11 11:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-06-11 11:50 . 2012-06-11 11:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-06-11 11:50 . 2012-06-11 11:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-06-11 11:50 . 2012-06-11 11:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll 2012-06-11 11:49 . 2012-06-11 11:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-05-18 10:25 . 2012-05-18 10:25 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104] "CTHelper"="CTHELPER.EXE" [2010-03-18 19456] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-16 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856] R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-28 79360] R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648] R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912] R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912] R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-16 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-11 1255736] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-02-28 834544] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-01-17 331608] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-01-04 329544] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808] S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648] S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3878835867-1666332686-777086807-1000Core.job - c:\users\Mats\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-14 11:20] . 2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3878835867-1666332686-777086807-1000UA.job - c:\users\Mats\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-14 11:20] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-16 12:28] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-16 12:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=80db860f00000000000000252254169c mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = socks=127.0.0.1:18079 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab FF - ProfilePath - c:\users\Mats\AppData\Roaming\Mozilla\Firefox\Profiles\jukgosb3.default\ FF - prefs.js: browser.startup.homepage - hxxp://de.mg4.mail.yahoo.com/neo/launch?.rand=fbjcn5a0r5bu8 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{a060276a-53be-45ec-8ebe-b94b1e803179} - (no file) BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87 "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d, 8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63 "{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}"=hex:51,66,7a,6c,4c,1d,38,12,3a,a3,f7, fd,83,a7,ad,0e,fc,b5,35,e1,ab,2d,25,64 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:a9,3b,78,44,66,64,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-20 17:13:33 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-20 15:13 . Vor Suchlauf: 9 Verzeichnis(se), 17.781.465.088 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 22.599.274.496 Bytes frei . - - End Of File - - E18C72C9057B19F64C24DE11B3497EDB
  7. mats_mats
    I couldn't find "[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:18079) -> FOUND" in the registry tab, so I looked at the other tabs and found it in the proxy tab. I tried to delete it there, but it wasn't possible. Then I saw that I accidentally deleted ALL the entries in the registry tab,..... ( so now it's empty... also after a restart and a new scan, it stays empty. Now the rkreport looks like this: RogueKiller V7.6.4 [07/17/2012] durch Tigzy mail: tigzyRK<at>gmail<dot>com Kommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in: Normal Modus Benutzer: Mats [Admin Rechte] Funktion: Scannen --Datum: 07/20/2012 16:39:31 ¤¤¤ Böswillige Prozesse: 0 ¤¤¤ ¤¤¤ Registry-Einträge: 1 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:18079) -> FOUND ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\U --> FOUND [ZeroAccess][FOLDER] L : c:\windows\installer\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\L --> FOUND [ZeroAccess][FOLDER] @ : c:\users\mats\appdata\local\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\users\mats\appdata\local\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\U --> FOUND [ZeroAccess][FOLDER] L : c:\users\mats\appdata\local\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\L --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND ¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤ ¤¤¤ Infektion : ZeroAccess ¤¤¤ ¤¤¤ Hosts-Datei: ¤¤¤ 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: WDC WD1600JS-00NCB1 ATA Device +++++ --- User --- [MBR] 58c1a8f8433f520a8a4d855f14438bfd [bSP] a40b8b8d6cdfdb474db9450c36998549 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD15EARS-00Z5B1 ATA Device +++++ --- User --- [MBR] 56f446c62a3c061226af88fd42e53253 [bSP] f62e031a7367a40b71e431e379ca7c46 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1365698 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2797156352 | Size: 64999 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[5].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
  8. mats_mats
    Here it is: RogueKiller V7.6.4 [07/17/2012] durch Tigzy mail: tigzyRK<at>gmail<dot>com Kommentare: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Betriebssystem: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestartet in: Normal Modus Benutzer: Mats [Admin Rechte] Funktion: Scannen --Datum: 07/20/2012 16:19:29 ¤¤¤ Böswillige Prozesse: 0 ¤¤¤ ¤¤¤ Registry-Einträge: 6 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (socks=127.0.0.1:18079) -> FOUND [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Mats\AppData\Local\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\n.) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\U --> FOUND [ZeroAccess][FOLDER] L : c:\windows\installer\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\L --> FOUND [ZeroAccess][FILE] @ : c:\users\mats\appdata\local\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\users\mats\appdata\local\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\U --> FOUND [ZeroAccess][FOLDER] L : c:\users\mats\appdata\local\{7821d9a2-fc42-7211-1137-64bc3a86f7f5}\L --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND ¤¤¤ Treiber: [NICHT GELADEN] ¤¤¤ ¤¤¤ Infektion : ZeroAccess ¤¤¤ ¤¤¤ Hosts-Datei: ¤¤¤ 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com ¤¤¤ MBR überprüfen: ¤¤¤ +++++ PhysicalDrive0: WDC WD1600JS-00NCB1 ATA Device +++++ --- User --- [MBR] 58c1a8f8433f520a8a4d855f14438bfd [bSP] a40b8b8d6cdfdb474db9450c36998549 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: WDC WD15EARS-00Z5B1 ATA Device +++++ --- User --- [MBR] 56f446c62a3c061226af88fd42e53253 [bSP] f62e031a7367a40b71e431e379ca7c46 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1365698 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2797156352 | Size: 64999 Mo User = LL1 ... OK! User = LL2 ... OK! Abgeschlossen : << RKreport[1].txt >> RKreport[1].txt
  9. mats_mats
    Hello MrCharlie, thanks so much for your help! I've removed utorrent and performed the frst scans, see the txt files below: frst.txt: Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 Ran by SYSTEM at 20-07-2012 16:02:44 Running from I:\ Windows 7 Ultimate (X64) OS Language: German Standard The current controlset is ControlSet001 ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK. ========================== Registry (Whitelisted) ============= HKLM\...\Run: [CTHelper] CTHELPER.EXE [x] HKLM-x32\...\Winlogon: [userinit] [x] HKLM-x32\...\Winlogon: [shell] [x ] () Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 ==================== Services (Whitelisted) ====== 3 Creative Audio Engine Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe" [79360 2010-08-27] (Creative Labs) 2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) 3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation) 3 idsvc; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [878416 2009-06-10] (Microsoft Corporation) ========================== Drivers (Whitelisted) ============= 3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation) 3 b57nd60x; C:\Windows\System32\Drivers\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation) 3 CTAUDFX.SYS; C:\Windows\System32\drivers\CTAUDFX.SYS [555096 2010-03-18] (Creative Technology Ltd) 3 ctdvda2k; C:\Windows\System32\Drivers\ctdvda2k.sys [347144 2010-03-18] (Creative Technology Ltd) 3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [118784 2009-07-13] (Intel Corporation) 3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation) 3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [277536 2010-03-04] (Realtek ) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-09 03:05 - 2012-07-09 03:13 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0 ============ 3 Months Modified Files ======================== ========================= Known DLLs (Whitelisted) ============ C:\Windows\SysWOW64\clbcatq.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\COMDLG32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\gdi32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\IERTUTIL.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\IMAGEHLP.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\IMM32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\MSCTF.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\MSVCRT.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\NORMALIZ.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\NSI.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\OLEAUT32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\PSAPI.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\rpcrt4.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\sechost.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\Setupapi.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\SHELL32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\SHLWAPI.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\URLMON.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\WININET.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\WLDAP32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\WS2_32.dll IS MISSING <==== ATTENTION! C:\Windows\SysWOW64\DifxApi.dll IS MISSING <==== ATTENTION! ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe [2009-07-14 00:37] - [2009-07-14 02:14] - 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF C:\Windows\System32\wininit.exe [2009-07-14 00:36] - [2009-07-14 02:14] - 0096256 ____A (Microsoft Corporation) B5C5DCAD3899512020D135600129D665 C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!. C:\Windows\explorer.exe [2009-07-14 00:41] - [2009-07-14 02:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!. C:\Windows\System32\svchost.exe [2009-07-14 00:19] - [2009-07-14 02:14] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866 C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!. C:\Windows\System32\services.exe [2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 C:\Windows\System32\User32.dll [2009-07-14 00:24] - [2009-07-14 02:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861 C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!. C:\Windows\System32\userinit.exe [2009-07-14 00:34] - [2009-07-14 02:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175 C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!. C:\Windows\System32\Drivers\volsnap.sys [2009-07-14 00:11] - [2009-07-14 02:19] - 0245328 ____A (Microsoft Corporation) 58DF9D2481A56EDDE167E51B334D44FD ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 13% Total physical RAM: 4095.24 MB Available physical RAM: 3528.39 MB Total Pagefile: 4093.39 MB Available Pagefile: 3510.02 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (Sylvia) (Fixed) (Total:149.04 GB) (Free:59.92 GB) NTFS ==>[system with boot components (obtained from reading drive)] 2 Drive e: (Daten) (Fixed) (Total:1333.69 GB) (Free:171.26 GB) NTFS 3 Drive f: () (Fixed) (Total:63.48 GB) (Free:15.77 GB) NTFS 5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS 6 Drive i: (DRÖMSTICK) (Removable) (Total:7.47 GB) (Free:4.41 GB) FAT32 7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 8 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Datentr„ger ### Status Gr”áe Frei Dyn GPT --------------- ------------- ------- ------- --- --- Datentr„ger 0 Online 1397 GB 0 B Datentr„ger 1 Online 149 GB 8 MB Datentr„ger 2 Online 7667 MB 0 B Partitions of Disk 0: =============== Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 100 MB 1024 KB Partition 2 Prim„r 1333 GB 101 MB Partition 3 Prim„r 63 GB 1333 GB ================================================================================== Disk: 0 Partition 1 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 Y NTFS Partition 100 MB Fehlerfre ================================================================================== Disk: 0 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E Daten NTFS Partition 1333 GB Fehlerfre ================================================================================== Disk: 0 Partition 3 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 F NTFS Partition 63 GB Fehlerfre ================================================================================== Partitions of Disk 1: =============== Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 149 GB 31 KB ================================================================================== Disk: 1 Partition 1 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 C Sylvia NTFS Partition 149 GB Fehlerfre ================================================================================== Partitions of Disk 2: =============== Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 7655 MB 22 KB ================================================================================== Disk: 2 Partition 1 Typ : 0B Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 6 I DR™MSTICK FAT32 Wechselmed 7655 MB Fehlerfre ================================================================================== ========================================================== Last Boot: 2009-10-14 03:08 ======================= End Of Log ========================== search.txt: Farbar Recovery Scan Tool Version: 20-07-2012 Ran by SYSTEM at 2012-07-20 16:03:55 Running from I:\ ================== Search: "services.exe" =================== C:\Windows.old\Windows\system32\services.exe [2006-02-28 13:00] - [2009-02-09 11:04] - 0111104 ____A (Microsoft Corporation) 65F6B774819BD727358157CEDEA67B8E C:\Windows.old\Windows\system32\dllcache\services.exe [2006-02-28 13:00] - [2009-02-09 11:04] - 0111104 ___AC (Microsoft Corporation) 65F6B774819BD727358157CEDEA67B8E C:\Windows.old\Windows\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\services.exe [2009-09-21 09:52] - [2008-04-14 03:22] - 0109056 ____A (Microsoft Corporation) 4BB6A83640F1D1792AD21CE767B621C6 C:\Windows.old\Windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP3QFE\services.exe [2009-09-18 18:49] - [2009-02-09 12:14] - 0111104 ____A (Microsoft Corporation) F0A7D59AF279326528715B206669B86C C:\Windows.old\Windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP3GDR\services.exe [2009-09-18 18:49] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC C:\Windows.old\Windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP2QFE\services.exe [2009-09-18 18:49] - [2009-02-09 10:48] - 0111104 ____A (Microsoft Corporation) A07CA23EA361A01E627D911CF139B950 C:\Windows.old\Windows\SoftwareDistribution\Download\93e58f5d52bf354542037f044fc8ca09\SP2GDR\services.exe [2009-09-18 18:49] - [2009-02-09 11:04] - 0111104 ____A (Microsoft Corporation) 65F6B774819BD727358157CEDEA67B8E C:\Windows.old\Windows\$NtUninstallKB956572$\services.exe [2009-09-18 19:05] - [2006-02-28 13:00] - 0108544 ___AC (Microsoft Corporation) EDB6B81761BD60F32F740BBC40AFB676 C:\Windows.old\Windows\$hf_mig$\KB956572\SP3QFE\services.exe [2009-09-18 18:49] - [2009-02-09 12:14] - 0111104 ____A (Microsoft Corporation) F0A7D59AF279326528715B206669B86C C:\Windows.old\Windows\$hf_mig$\KB956572\SP3GDR\services.exe [2009-09-18 18:49] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) A3EDBE9053889FB24AB22492472B39DC C:\Windows.old\Windows\$hf_mig$\KB956572\SP2QFE\services.exe [2009-09-18 18:49] - [2009-02-09 10:48] - 0111104 ____A (Microsoft Corporation) A07CA23EA361A01E627D911CF139B950 C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe [2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 C:\Windows\System32\services.exe [2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ====== End Of Search ====== thanks, mats_mats
  10. mats_mats
    Hello, I can't get rid of a trojan that malwarebytes identifies as "trojan.dropper.bcminer" - it keeps coming back,... I've read it's very dangerous and I need your help, please! Thank you very much in advance!! My 2 dds logfiles are: dds.txt: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Mats at 15:40:25 on 2012-07-20 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.43.1031.18.4095.2423 [GMT 2:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\vsnpstd3.exe C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Windows\SysWOW64\CtHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\wuauclt.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?AF=109989&babsrc=HP_ss&mntrId=80db860f00000000000000252254169c uInternet Settings,ProxyServer = socks=127.0.0.1:18079 uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL mRun: [CTHelper] CTHELPER.EXE mRun: [<NO NAME>] mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{68093085-2855-471A-8FE0-DCF7B3D3B2EF} : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {18DF081C-E8AD-4283-A596-FA578C2EBDC3} BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} {9030D464-4C02-4ABF-8ECC-5164760863C6} {AE7CD045-E861-484f-8273-0445EE161910} {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} {B4F3A835-0E21-4959-BA22-42B3008E02FF} {DBC80044-A445-435b-BC74-9C25C1C588A9} {F4971EE7-DAA0-4053-9964-665D8EE6A077} {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} {47833539-D0C5-4125-9FA8-0819E2EAAC93} {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL mRun-x64: [CTHelper] CTHELPER.EXE mRun-x64: [(Standard)] mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Mats\AppData\Roaming\Mozilla\Firefox\Profiles\jukgosb3.default\ FF - prefs.js: browser.startup.homepage - hxxp://de.mg4.mail.yahoo.com/neo/launch?.rand=fbjcn5a0r5bu8 FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll FF - plugin: C:\Users\Mats\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-9 44808] R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-1-17 331608] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?] R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?] R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984] S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-16 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856] S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-2-28 79360] S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?] S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?] S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?] S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?] S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-16 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-10 113120] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-18 18:37:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-17 20:27:16 -------- d-----w- C:\Program Files (x86)\Emsisoft HiJackFree 2012-07-17 20:02:12 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-09 15:46:21 -------- d-----w- C:\Users\Mats\AppData\Roaming\Diercke Globus Online 2012-07-09 15:46:04 947517 ----a-w- C:\Windows\Diercke Globus Online Uninstaller.exe 2012-07-09 15:46:04 -------- d-----w- C:\Program Files (x86)\ImagonShared 2012-07-09 15:46:04 -------- d-----w- C:\Program Files (x86)\Diercke Globus Online 2012-07-09 15:39:22 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-07-09 09:44:53 -------- d-----w- C:\Users\Mats\AppData\Roaming\Malwarebytes 2012-07-09 01:14:59 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-09 01:14:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-09 01:14:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-08 17:55:08 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-07-08 17:54:57 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-07-08 17:54:53 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-07-08 17:54:39 41224 ----a-w- C:\Windows\avastSS.scr 2012-07-08 17:54:31 -------- d-----w- C:\ProgramData\AVAST Software 2012-07-08 17:54:31 -------- d-----w- C:\Program Files\AVAST Software 2012-07-08 10:01:22 -------- d-----w- C:\Users\Mats\AppData\Roaming\Logef 2012-07-05 21:34:00 -------- d-----w- C:\Users\Mats\dwhelper 2012-06-23 13:41:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-23 13:41:26 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-23 13:41:10 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-23 13:41:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2012-07-18 18:37:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll 2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll 2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll 2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe 2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll 2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll 2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll 2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2012-06-11 11:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-06-11 11:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-06-11 11:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-06-11 11:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-06-11 11:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-06-11 11:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll 2012-06-11 11:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-05-18 10:25:38 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll . ============= FINISH: 15:40:56,21 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 28.02.2012 12:59:56 System Uptime: 20.07.2012 13:37:39 (2 hours ago) . Motherboard: ASRock | | 870 Extreme3 Processor: AMD Phenom II X4 955 Processor | CPUSocket | 800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 63 GiB total, 15,75 GiB free. D: is FIXED (NTFS) - 149 GiB total, 59,96 GiB free. E: is FIXED (NTFS) - 1334 GiB total, 171,263 GiB free. F: is CDROM () G: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318} Description: Creative Game Port Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&2B4059EA&0&31A4 Manufacturer: Creative Name: Creative Game Port PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&2B4059EA&0&31A4 Service: . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: AODDriver4.1 Device ID: ROOT\LEGACY_AODDRIVER4.1\0000 Manufacturer: Name: AODDriver4.1 PNP Device ID: ROOT\LEGACY_AODDRIVER4.1\0000 Service: AODDriver4.1 . ==== System Restore Points =================== . RP108: 18.07.2012 23:00:11 - Geplanter Prüfpunkt . ==== Installed Programs ====================== . Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Audition 2.0 Adobe Bridge 1.0 Adobe Common File Installer Adobe Community Help Adobe Creative Suite 5 Master Collection Adobe Flash Player 11 ActiveX Adobe Help Center 2.0 Adobe Media Player AMD USB Filter Driver AMD VISION Engine Control Center ASRock OC Tuner v2.3.81 µTorrent avast! Free Antivirus calibre Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Creative-Audiokonsole Creative Software AutoUpdate D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diercke Globus Online DogFighter_Launcher version 1.0 Drakensang (Patch Version 1.01) Driver Sweeper 2.1.0 Emsisoft HiJackFree 4.5 Facebook Video Calling 1.2.0.159 FileZilla Client 3.1.1.1 Freemake Video Converter version 1.3.0 Freizeitkarte_Deutschland (Ausgabe 12.02) Freizeitkarte_Oesterreich (Ausgabe 12.02) Garmin MapSource Garmin Training Center 3.4.3 Garmin USB Drivers GmapTool 0.5.2 Google Chrome Google Earth Google Update Helper GSAK 8.1.0.10 (Final) High-Definition Video Playback 10 Hotspot Shield 2.25 IrfanView (remove only) Java Auto Updater Java 6 Update 31 JDownloader 0.9 Junk Mail filter update Malwarebytes Anti-Malware Version 1.62.0.1300 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Word MUI (German) 2010 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft XNA Framework Redistributable 3.1 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mobipocket Creator 4.2 Mopsos 1.0.118 28.11.2011 Mozilla Firefox 13.0.1 (x86 de) Mozilla Maintenance Service Mp3tag v2.49 MSVC80_x86_v2 MSVCRT MSVCRT_amd64 NBA 2K12 NEC Electronics USB 3.0 Host Controller Driver Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack Basic Nero BackItUp 10 Help (CHM) Nero Burning ROM 10 Nero BurningROM 10 Help (CHM) Nero BurnRights 10 Help (CHM) Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero CoverDesigner 10 Help (CHM) Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Dolby Files 10 Nero Express 10 Help (CHM) Nero InfoTool 10 Nero InfoTool 10 Help (CHM) Nero MediaHub 10 Help (CHM) Nero Multimedia Suite 10 Nero Recode 10 Nero Recode 10 Help (CHM) Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero SoundTrax 10 Help (CHM) Nero StartSmart 10 Help (CHM) Nero Vision 10 Nero Vision 10 Help (CHM) Nero WaveEditor 10 Help (CHM) Nokia Connectivity Cable Driver Nokia PC Suite NVIDIA PhysX OpenAL PC Connectivity Solution PDF Settings CS5 RCH65 Spoiler Downloader Realtek Ethernet Controller Driver For Windows 7 RRK Turkey Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Skype Click to Call Skype™ 5.9 SopCast 3.5.0 SoulSeek 157 NS 13e Spotify StreamTorrent 1.0 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Veetle TV VLC media player 2.0.1 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin . ==== End Of File =========================== Thank you!!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.