
Pests of All Kinds and How to Combat Them: TR/Crypt.XPACK.Gen2

28.11.2011, 07:55   #16
kira
/// Helper Team

Quote:
Quote from Zyx124
I carried out the System Restore in Safe Mode - and it worked.
Desktop / Start menu / taskbar etc. are back the way they were.
That is good news for a start; we will get the Avira issue sorted out as well.

Quote:
► If the programs/tools are no longer present, download them again; otherwise run them again and, where needed (e.g. Malwarebytes), fetch the update:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

1.
runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Caution!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It makes NO sense to start a second attempt!
To get a deeper look into your system and track down a possible infection with a rootkit (info: wikipedia.org), we will use a tool - Gmer:
  • - download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be disabled, and there must be no connection to the Internet (disconnect WLAN too)
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and paste it right away with CTRL + V
    - "Ok" closes GMER.
    - paste the log from the clipboard in full here into your thread

** no connection to a network or the Internet - do not forget WLAN
When the scan has finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner

2.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    A Command Prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type the following from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting in the Command Prompt: right-click the title bar => Edit => Paste.

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log

    (press Enter)
  • After a short time your editor will open and show the file C:\mbr.log.
    Please copy its contents here into your thread.

3.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Perform full scan" (tick all boxes)
  • When the scan has finished, click "Show Results"
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Delete" ("Remove Selected").
  • Post the result here in the thread - you will find the report under "Scan reports"
You can find an illustrated guide here: Instructions/virus-protect.org

4.
System scan with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

5.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
Install it (read the software licence agreement; if offered, deselect "Add CCleaner Yahoo! Toolbar") → start it → Language → select German
Then click "Tools" (to display the installed programs as well) → then "Save to text file..."
A text file (*.txt) is created; copy its contents and paste them here

6.
Download TrendMicro™ HijackThis™ version 2.0.4 from here ->
Quote:
No open windows as long as HijackThis is running!! -> start HijackThis -> click "Do a system scan and save a logfile" (wait a moment) -> "select" the resulting logfile -> "copy" -> "paste" it here in your thread (right mouse button) (you must be logged in to the forum!)
Quote:
To keep your thread clear and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the logfile): [code]
your logfile goes here - e.g. OTL logfile or other
→ after it - i.e. at the end of the log file: [/code]
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file as attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, preferably twice and in different places!
Please pass this warning on wherever you can!

29.11.2011, 00:47   #17
Zyx124

The AntiVir real-time scanner was activated after it had loaded today's update.

1) Gmer did not work properly and was then closed

2) produced the following result:

Code:
 Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD2500BEVS-22UST0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
1 ntkrnlpa!IofCallDriver[0x82693912] -> \Device\Harddisk0\DR0[0x8558FAC8]
3 CLASSPNP[0x8073D8B3] -> ntkrnlpa!IofCallDriver[0x82693912] -> [0x85385C10]
5 acpi[0x8060F6BC] -> ntkrnlpa!IofCallDriver[0x82693912] -> \Device\Ide\IdeDeviceP0T0L0-0[0x845AB528]
kernel: MBR read successfully
user & kernel MBR OK
         
__________________


01.12.2011, 00:33   #18
Zyx124

Number 3)

Code:
 Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8279

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

01.12.2011 00:31:54
mbam-log-2011-12-01 (00-31-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 390327
Laufzeit: 4 Stunde(n), 30 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
         
__________________
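
Added example (not part of the thread and not Malwarebytes' own code): a small Python parser for the report format posted above. It checks that each summary count matches the number of items actually listed, groups registry detections by GUID regardless of letter case, and lists anything not reported as removed. The regular expressions are assumptions derived from this one German-language report; the sample text is excerpted from the post.

```python
import re
from collections import defaultdict

# Excerpt of the Malwarebytes report posted above (German UI, so the section
# names are German). Header lines that the parser ignores are left out.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
"""

# Assumed line shapes, taken from the report above.
SUMMARY_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")      # "<section>: <count>"
SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")            # "<section>:"
DETECTION_RE = re.compile(
    r"^(?P<target>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")


def parse_mbam_log(text):
    """Return (summary counts, detections) from a German-language report."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := SECTION_RE.match(line):
            section = m.group(1)
        elif section and (m := DETECTION_RE.match(line)):
            detections.append({"section": section, **m.groupdict()})
    return summary, detections


def count_mismatches(summary, detections):
    """Sections whose listed items do not add up to the summary count,
    e.g. because the pasted log was truncated or edited."""
    listed = defaultdict(int)
    for d in detections:
        listed[d["section"]] += 1
    return {s: (n, listed[s]) for s, n in summary.items() if n != listed[s]}


def group_by_guid(detections):
    """Map each GUID (upper-cased; registry key names are case-insensitive)
    to every detected location that mentions it."""
    groups = defaultdict(list)
    for d in detections:
        for guid in GUID_RE.findall(d["target"]):
            groups[guid.upper()].append(d["target"])
    return dict(groups)


def not_removed(detections):
    """Detections whose action text does not report successful removal."""
    return [d for d in detections if "successfully" not in d["action"].lower()]


if __name__ == "__main__":
    summary, detections = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(summary, detections))
    for guid, targets in group_by_guid(detections).items():
        print(guid, "->", len(targets), "registry location(s)")
    print("left behind:", not_removed(detections))
```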

01.12.2011, 16:33   #19
kira
/// Helper Team

The remaining steps are still missing; then we will look further.

01.12.2011, 21:10   #20
Zyx124

... and on we go:

# 4)
OTL logfile:
Code:
OTL logfile created on: 01.12.2011 20:18:22 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\D***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 47,86% Memory free
3,98 Gb Paging File | 2,85 Gb Available in Paging File | 71,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,29 Gb Total Space | 63,18 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
Drive D: | 73,64 Gb Total Space | 72,15 Gb Free Space | 97,97% Space Free | Partition Type: NTFS
 
Computer Name: H*** | User Name: D*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.01 20:16:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\D***\Downloads\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.29 08:09:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.26 13:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.05.31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe
PRC - [2006.12.29 10:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.20 21:06:39 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.10.20 21:02:00 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011.10.20 21:01:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011.10.20 20:59:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.20 20:19:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.20 20:18:14 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.20 20:17:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.20 20:12:56 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.20 20:12:17 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.09.29 08:09:51 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009.09.04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.10.31 10:40:26 | 001,671,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2007.10.31 10:40:26 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34534__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007.10.31 10:40:26 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34592__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2007.10.31 10:40:26 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.34821__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2007.10.31 10:40:26 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.34808__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2007.10.31 10:40:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34570__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2007.10.31 10:40:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34591__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2007.10.31 10:40:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2007.10.31 10:40:26 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.34693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2007.10.31 10:40:25 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.34761__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2007.10.31 10:40:24 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.34851__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2007.10.31 10:39:58 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.34776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:58 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2589.34843__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:58 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.34857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:58 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.34781__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2007.10.31 10:39:58 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34549__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:58 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.34773__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2007.10.31 10:39:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2589.34842__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2007.10.31 10:39:57 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.34815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:57 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.34707__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:57 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34606__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:57 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34557__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:57 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.34795__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2007.10.31 10:39:57 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34599__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:57 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.34728__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:57 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.34703__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2007.10.31 10:39:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.34727__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2007.10.31 10:39:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34612__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2007.10.31 10:39:56 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.34698__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:56 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.34748__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2007.10.31 10:39:56 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34613__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2007.10.31 10:39:56 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.34694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2007.10.31 10:39:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.34702__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2007.10.31 10:39:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.34747__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2007.10.31 10:39:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007.10.31 10:39:56 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007.10.31 10:39:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007.10.31 10:39:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007.10.31 10:39:55 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007.10.31 10:39:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007.10.31 10:39:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007.10.31 10:39:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2007.10.31 10:39:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007.10.31 10:39:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2007.10.31 10:39:54 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007.10.31 10:39:54 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007.10.31 10:39:54 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007.10.31 10:39:54 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007.10.31 10:39:54 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007.10.31 10:39:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007.10.31 10:39:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007.10.31 10:39:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007.10.31 10:39:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007.10.31 10:39:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007.10.31 10:39:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2007.10.31 10:39:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007.10.31 10:39:53 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007.10.31 10:39:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007.10.31 10:39:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007.10.31 10:39:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007.10.31 10:39:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007.10.31 10:39:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007.10.31 10:39:52 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007.10.31 10:39:52 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007.10.31 10:39:52 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007.10.31 10:39:52 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007.10.31 10:39:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2007.10.31 10:39:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2007.10.31 10:39:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007.10.31 10:39:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007.10.31 10:39:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007.10.31 10:39:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007.10.31 10:39:45 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2589.34827_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2007.10.31 10:39:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.34878__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007.10.31 10:39:44 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.34834__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007.10.31 10:39:44 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.34833__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007.10.31 10:39:44 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007.10.31 10:39:44 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007.10.31 10:39:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007.10.31 10:39:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007.10.31 10:39:43 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34565__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007.10.31 10:39:43 | 000,389,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2589.34827__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007.10.31 10:39:43 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007.10.31 10:39:42 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34533__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007.10.31 10:39:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007.10.31 10:39:41 | 001,404,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34543__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007.10.31 10:39:40 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34533__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007.10.31 10:39:40 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007.10.31 10:39:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007.10.31 10:39:40 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007.10.31 10:39:40 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.34834__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007.10.31 10:39:39 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2589.34532__90ba9c70f846762e\AEM.Server.dll
MOD - [2007.02.02 15:01:32 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007.01.19 17:23:44 | 000,016,384 | R--- | M] () -- c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.22 20:01:17 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2010.03.21 22:36:03 | 000,078,848 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV85.sys -- (SSHDRV85)
DRV - [2010.01.12 05:42:22 | 000,241,696 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.26 14:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.09.05 13:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.02.02 15:09:42 | 002,385,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.15 20:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.16 14:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.16 14:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D***\AppData\Roaming\mozilla\Extensions
[2011.10.16 14:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.09.06 08:16:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E8D4F1F-A046-4298-B111-550053B2421C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EF3BF4C-F6B3-438F-8402-7DAD0C622F39}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA0539F3-C15B-4032-80A3-D7E5DEAB94D1}: NameServer = 62.109.123.7 213.191.92.86
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.28 22:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.28 22:06:44 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.23 20:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.11.18 00:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.17 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\D***\AppData\Roaming\Malwarebytes
[2011.11.17 20:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.17 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.15 01:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.11.13 22:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.11.13 22:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.11.13 21:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.01 20:15:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.12.01 20:08:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.01 20:08:08 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.01 20:08:08 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.01 20:07:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.01 20:07:48 | 2011,283,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.01 07:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.29 03:35:37 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.29 03:35:37 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.29 03:35:37 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.29 03:35:37 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.28 22:06:51 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.28 21:55:10 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.11.28 21:46:08 | 000,302,592 | ---- | M] () -- C:\Users\D***\Desktop\0s4deved.exe
[2011.11.15 01:20:14 | 000,014,410 | ---- | M] () -- C:\Users\D***\Desktop\Extras.zip
[2011.11.15 01:08:04 | 000,008,801 | ---- | M] () -- C:\Users\D***\Desktop\OTL.zip
[2011.11.15 01:07:39 | 000,001,032 | ---- | M] () -- C:\Users\D***\Desktop\Gmer.zip
[2011.11.14 22:19:43 | 000,000,000 | ---- | M] () -- C:\Users\D***\defogger_reenable
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.28 22:06:51 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.28 21:56:39 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.11.28 21:46:05 | 000,302,592 | ---- | C] () -- C:\Users\D***\Desktop\0s4deved.exe
[2011.11.27 14:23:12 | 2011,283,456 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.15 01:20:26 | 000,014,410 | ---- | C] () -- C:\Users\D***\Desktop\Extras.zip
[2011.11.15 01:10:51 | 000,001,032 | ---- | C] () -- C:\Users\D***\Desktop\Gmer.zip
[2011.11.15 01:10:41 | 000,008,801 | ---- | C] () -- C:\Users\D***\Desktop\OTL.zip
[2011.11.14 22:19:43 | 000,000,000 | ---- | C] () -- C:\Users\D***\defogger_reenable
[2010.08.13 09:33:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.13 09:33:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.12 11:55:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.09 21:05:04 | 000,000,037 | ---- | C] () -- C:\Windows\eprint.INI
[2010.08.07 22:03:57 | 000,000,680 | ---- | C] () -- C:\Users\D***\AppData\Local\d3d9caps.dat
[2010.05.15 20:12:49 | 000,179,649 | ---- | C] () -- C:\Windows\hpoins38.dat.temp
[2010.05.15 20:12:49 | 000,000,622 | ---- | C] () -- C:\Windows\hpomdl38.dat.temp
[2010.05.15 17:35:10 | 000,182,964 | ---- | C] () -- C:\Windows\hpoins38.dat
[2010.05.15 17:35:09 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat
[2010.03.21 22:36:03 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys
[2010.02.14 16:58:30 | 000,000,024 | ---- | C] () -- C:\Windows\tm.ini
[2010.02.14 15:01:44 | 000,000,248 | ---- | C] () -- C:\Windows\BUHL.INI
[2009.12.09 20:00:24 | 000,001,294 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.01.01 14:26:37 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.01.01 14:26:37 | 000,000,088 | RHS- | C] () -- C:\ProgramData\49D5FA307F.sys
[2008.12.22 19:55:19 | 000,003,584 | ---- | C] () -- C:\Users\D***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.13 22:52:54 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 22:09:43 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2008.02.22 22:09:42 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.02.22 22:09:42 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.16 17:15:31 | 000,000,778 | ---- | C] () -- C:\Windows\eReg.dat
[2007.10.31 10:36:11 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.10.31 10:36:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.31 10:36:10 | 000,128,813 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_3.dll
[2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_2.dll
[2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_1.dll
[2007.06.27 12:22:54 | 000,692,224 | ---- | C] () -- C:\Windows\libcurl.dll
[2006.11.02 16:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,414,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1997.09.04 00:00:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2011.11.27 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\BDEDIT
[2011.11.27 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\BDHTHELP
[2010.02.14 13:16:08 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\Bullzip
[2010.09.18 13:47:38 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\GARMIN
[2010.05.11 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\ICQ
[2010.02.27 17:58:06 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\ICQ Toolbar
[2010.02.14 15:04:49 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\tax
[2011.06.13 21:59:27 | 000,000,000 | ---D | M] -- C:\Users\D***\AppData\Roaming\temp
[2011.12.01 08:04:49 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 01.12.2011 20:18:22 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\D***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 47,86% Memory free
3,98 Gb Paging File | 2,85 Gb Available in Paging File | 71,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,29 Gb Total Space | 63,18 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
Drive D: | 73,64 Gb Total Space | 72,15 Gb Free Space | 97,97% Space Free | Partition Type: NTFS
 
Computer Name: H*** | User Name: D*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03815124-18D5-4403-B6E0-5022896F851D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0784789C-A995-4B16-AD2A-533142DF48F3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0B79A398-D137-4742-9579-FCAB4D55BEA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{10B86021-F184-43DE-BE05-42646B27BEC2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1157AC94-8F81-4DE3-946B-8B5CD1B2F01D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1521D7B9-3C80-4963-9DB3-25FDB19611F5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{201967BE-5321-4634-8414-7FD55D267EA4}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{22E76731-0A68-4374-89C9-7B83BAF72C98}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{26B55C68-1D0B-4968-BEB8-ACE3E5D46030}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{3106AA19-568C-4355-9457-632CE73ED94E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{31E75A0D-D1B5-4F7C-9E43-4B57F7E8B837}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{3649612D-2E15-47D0-9E11-3CDE91132E9F}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{3EDE2497-C8E8-49DD-B59F-C1D6D8066692}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{3F69EFD1-7A7A-4328-B8B2-DDCE48F5F62A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{44024047-7085-426D-A02E-7F440BED01F4}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{460A7FA4-DE3A-4F3B-9BAB-6EC2A52DF809}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4ADB6BE4-ED64-4D63-A3FE-26046D59F41F}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{4C2127AB-4AA4-4899-8A84-AFDDADBA91AA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{50B3AAD6-EF7F-48DE-88DB-DE79A02BA001}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B95CAFB-50EB-4AA8-BCD4-3ED448BB5075}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5E53AF24-A693-4C85-B7F4-CB81E1CCBE9F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{5EFA513F-36A2-48A7-872E-34453782D2A8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{66A52798-37AA-42CB-9039-3479B9F6DBAE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6D64EEC9-528A-4EAB-B5AE-BE17FF8F1559}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{7523C062-99C3-4D7C-99AB-6764B5457578}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{867BFC63-BEED-402D-8E66-CE5B5A3AA079}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{8CEA0030-C8B0-450E-AF99-A35538D67CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{93E2B2B7-A3F2-49D3-B719-9C4AA47F470E}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{94612743-FB2D-4F9A-ACF1-91CB23529D5C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{963FC710-AC5A-4CEF-9B63-45CA73553694}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{9B3A698B-E0C7-455D-99A8-BBB975ED4785}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A1AEF819-DEE0-4738-8747-5C7881074A2A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{A502A13B-023C-44CC-8AAB-9477F15303F6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A6FB03E6-1D71-4C29-89C7-47AF29A7FA43}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{B2939187-EA21-40A7-9DC5-B852E5C8B23F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BCD8B253-6684-4F4D-881E-71431276FC2B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BE6CC0A0-0843-4B80-912D-F44231A8AECF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BEF3C52A-BF45-45D5-8601-428D9C0D9DF3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{C499D6AA-A352-4704-AE00-4D909DB2CD0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C7536E93-FD8E-443F-864E-7AFBD4EDA02A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D07F9716-F2DF-4703-93D9-229FA3FBBFB7}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{D13F24B7-A166-4EB4-80D0-D1BE9F90EF59}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{D1AC7322-4777-4940-B7A3-17EE26F6CA57}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{E7B89B54-3233-4084-93C0-0848E5966932}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{EC9A2D6D-1664-400A-B8FD-EC1603128B7B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{EDB1C69A-0A44-49EB-8A54-DC7323345BBE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F4EE9210-B533-456F-8D56-37B7DDA47E56}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{F8891D9B-F045-49F8-934D-0C768F168923}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{FFE9CEF5-112E-4B7A-BAF8-4A25BECA686F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5A5FA-7090-440E-A4CE-BE1576D18D3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0738BA49-FEDD-4877-A6DD-D435A0B7FD74}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{11219396-CB69-4CAE-B302-3BAA3E43A58E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{1337B7B0-F15C-4CB1-BB8F-6A75FC6830E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{134DF7D5-96AA-4925-A67D-5C11815BCDD5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{18CD1637-239F-468C-AF72-483A93C869AC}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{18D49F0C-1D05-4A21-8C26-C9A38C7A71D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{1916216E-EAD6-4CC4-AD33-553FEE14BADE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{2005DD88-F341-47D4-890D-272B1B88587B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{256E5AF1-B5C2-4D8E-B98A-C036B24840D1}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{3EA572FE-9743-469A-8157-BB277EA1E7EF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{428787B7-C8D9-40AC-990E-E381C29FC308}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{511E40B3-E5F8-4FB2-9514-ABEE2560D248}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{58838C00-1FD9-4A60-AEEA-121C9F2D4183}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5A08A4E3-AAED-419D-B1FC-09242A0B9A95}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{5C4E39C8-45FF-4CA0-9F8E-37D438D227CB}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{7156B9C8-FDDD-4856-8308-A4294EFE295F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{728DED85-7C4C-436B-B0F2-B0E3C2E0C52B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{7C882E1E-81FE-41EA-8238-2AF036DFEB5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{852177A9-B432-40FC-BFCC-067F13099F45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{917F5B78-0C1C-4F0D-8BBE-FC0B04223EC6}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{91E93FF4-0F7F-4D24-90DB-7BCD4726018C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9456AAA2-5A21-4C83-AFE5-D435D22A65A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{94C4A150-1D94-4450-ACD9-61240C3C1097}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{96716147-F4C3-4A8F-9F94-C9096B1063E7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9A0B92A5-1DE7-4855-BD46-3954AEA4E9A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9D5B5063-74CA-4DEA-A4C5-7DAD0D6B24B9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{9F5B793D-93A5-47C5-8440-CE41DB4D081A}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{ABFB6E91-FA92-4D33-8A60-034AE4B95C8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{AF7016AC-944C-499A-B4DF-EB97B151B933}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{B201EC31-C2B2-4B80-8520-B0CC5A996E11}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B2B92696-4DB9-4645-9AD9-BF578F24BA48}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{B6F570B4-3490-4FF6-9657-C89DA5B92C93}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B6FA6634-54C2-4171-A4AC-917123EE9503}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{B70CFD70-331B-458F-8351-7ACC3168279C}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{C64F857B-1AE6-40CA-9F66-37C624C1195D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CD3B41D0-DBB7-4255-9BA6-260C9227FB5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{CE750F41-D471-4F35-9EE9-D34F1A39E6CB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D2118D81-D8BE-4C06-B4DF-38F2E900AE4C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{D3959EA2-4375-4B83-8338-E53DECD98AB6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D41A088E-D928-4E2D-A9FB-803054DF0028}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{D9739EE4-6DA1-4E6C-ADCA-724C5FD08913}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{DD73F1A1-DE6E-4ED5-87A5-59DD9EE81913}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E01F1D56-23A4-454D-A3CD-4504947115E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E3B9BD05-7A98-458E-87F0-D7A71762BEBD}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E7C4AF19-F429-43FD-8F03-D3C00D509A21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{E9070B8F-F7C5-46B5-9D01-3BE7F1538114}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{EBD17ED9-12DD-4C3A-B001-6CDDADEC0C42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{EBE5F861-0F7B-47F6-81A3-B44A9D1BBFB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{EC40408B-2955-46CE-AEAB-D6CA1AADBDEB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F8633CC1-6E8A-433F-B2F0-8E193B07E13D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{42D1D9AC-4E47-4EA3-960C-185925890B0F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{55BA070B-2615-49E9-BE35-A45B35F55D58}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{67D47B24-EE4F-4B55-B21A-772C0B5F369D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{6936A263-F18A-404D-97BC-B39DA34DC4B0}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{6A836EE1-732D-464E-BAAA-8E0304DF4959}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{341BA61D-4790-4D5B-AEF5-22EF03989E48}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3A5F5B6C-D220-488C-AEA5-970DA3E9AEA7}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{3BD38682-A47F-4BFA-9944-27D354A7C9BC}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{8E8DD0FE-18F4-450E-BA9C-E1DD0CB79FFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{EB88814E-1E38-4D5F-BFAA-155A78B7034B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028741EB-70F5-BF63-EB23-480A7C48F096}" = CCC Help German
"{0343FEB6-43EA-0608-CF1F-6B4D20784AA8}" = Catalyst Control Center Localization Italian
"{03B5882D-D9DB-B950-CBE1-D03DDBFFF458}" = CCC Help Chinese Traditional
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B3A67B0-F54D-2F98-763C-B8E309135C38}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{1F9B00FC-AD74-A45C-3E73-83CF895E9CD0}" = Catalyst Control Center Localization Spanish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29F482A1-9828-5830-1F96-798E75CB90EB}" = CCC Help French
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2B541619-4920-A88A-AEB6-C4E76672B726}" = ccc-utility
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30A9E47D-2B18-43FC-A562-8D1E3511C737}" = TablePlanner
"{32AFDE70-6890-478B-BC92-8F3C76B8A77B}" = Branding
"{37AF3415-B43F-FB0B-124B-4B207657DF66}" = Catalyst Control Center Localization Japanese
"{396FD726-254C-40D8-8EB6-A00703F134BF}" = Buhl finance - tax 2004 Standard
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E5D1BD1-3451-15A7-D5EB-FB4C1C713C33}" = Catalyst Control Center Localization Chinese Standard
"{3FB83D9B-35B3-44E2-639B-6839332BBB29}" = Catalyst Control Center Localization Portuguese
"{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{48FD4CEC-7ED7-5220-2032-E780075764E4}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587601F9-A917-AE27-263A-0854BE106BE9}" = Catalyst Control Center Localization German
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60101C13-2C13-48FB-855D-33D9F3013133}" = B109a-m
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{625309B9-9853-B259-CA17-DA4838E2D7C6}" = Catalyst Control Center Localization Dutch
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E98E51-BFF9-5922-1316-7AF58170CA54}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97813-ADFC-AA48-D24F-17E6CD41B413}" = Skins
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{74EF2D1D-D3A6-3A56-1DD7-56A338BADD29}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787AD427-7FEB-A87C-4C2E-C95610EF345B}" = Catalyst Control Center Core Implementation
"{7A36BFCB-D8A9-11D7-9E00-0004769EEFEB}" = Default
"{7B80F2CF-3012-41B3-0083-D96E3B923A33}" = Fussball Manager 2003
"{7D489B30-1248-4F90-A99D-8D9169355B78}" = 3D-Globus DVD 2.0
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8535028B-D4EE-B929-97A0-354013AE5D94}" = Catalyst Control Center Localization Korean
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9279B0F3-C831-7C50-9F07-73B1219322B6}" = Catalyst Control Center Localization Chinese Traditional
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{94E89EFD-5841-17EA-4F69-37A5DA58A735}" = CCC Help Spanish
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A983135-BB9F-6E62-F282-AD76BB9551FE}" = CCC Help English
"{9AE73DF3-2349-A626-AE42-7959D7583E2B}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6
"{A603BB91-F08F-025F-4158-E897DC29D037}" = Catalyst Control Center Localization French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA27D595-32F0-97EB-BC94-1ED22E7444A8}" = CCC Help Portuguese
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEBC4CA2-B05F-47E3-8680-B2CDB6E12006}" = WISO Sparbuch 2006
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}" = ccc-core-static
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCC67B82-CD80-9C07-4C4A-D5B9C7137399}" = CCC Help Italian
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CEFD7155-9C9A-4D20-8DEC-3961BBBB0001}" = WISO Sparbuch 2005
"{D2B49278-3321-FFBA-0F7C-127878A9CB5D}" = CCC Help Dutch
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3F3188E-EC4E-413B-BFEC-6A179ADB14FF}" = MSXML
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D723FE60-F9EC-D688-0274-7BF2FF96E80A}" = Catalyst Control Center Graphics Full New
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E1FA2D24-5633-83B3-3C72-FB3749DAF724}" = CCC Help Swedish
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EE6AA8D9-B369-44A0-A938-C897026B6B7B}" = BDElster-Telemodul
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5E23357-CDCE-0246-677C-8097DAA6F8C5}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}" = Catalyst Control Center Graphics Previews Vista
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ANSTOSS 3_is1" = ANSTOSS 3
"ATI Uninstaller" = ATI Uninstaller
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{7D489B30-1248-4F90-A99D-8D9169355B78}" = 3D-Globus DVD 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Office8.0" = Microsoft Office 97, Professional Edition
"Pingus" = Pingus
"Pixum ePrint" = Pixum ePrint 1.2
"S2TNG" = Die Siedler II - Die nächste Generation
"Shop for HP Supplies" = Shop for HP Supplies
"Siedler3Deinstall" = Siedler3
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Windows Mobile Device Handbook" = Windows Mobile®-MDA Touch Handbuch
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.01.2010 10:27:29 | Computer Name = H*** | Source = WerSvc | ID = 5007
Description = 
 
Error - 01.01.2010 14:27:44 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.01.2010 14:27:44 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.01.2010 14:32:43 | Computer Name = H*** | Source = WerSvc | ID = 5007
Description = 
 
Error - 01.01.2010 17:26:31 | Computer Name = H*** | Source = VSS | ID = 8194
Description = 
 
Error - 01.01.2010 19:51:41 | Computer Name = H*** | Source = EventSystem | ID = 4621
Description = 
 
Error - 02.01.2010 16:03:17 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2010 16:03:17 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.01.2010 16:07:54 | Computer Name = H*** | Source = WerSvc | ID = 5007
Description = 
 
Error - 02.01.2010 20:18:07 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 27.11.2011 10:07:06 | Computer Name = H*** | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 27.11.2011 10:20:59 | Computer Name = H*** | Source = DCOM | ID = 10010
Description = 
 
Error - 28.11.2011 16:33:22 | Computer Name = H*** | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 28.11.2011 22:02:48 | Computer Name = H*** | Source = DCOM | ID = 10005
Description = 
 
Error - 28.11.2011 22:02:48 | Computer Name = H*** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 28.11.2011 22:02:48 | Computer Name = H*** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.11.2011 22:05:08 | Computer Name = H*** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 28.11.2011 22:05:08 | Computer Name = H*** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2011 03:00:06 | Computer Name = H*** | Source = DCOM | ID = 10010
Description = 
 
Error - 01.12.2011 03:04:40 | Computer Name = H*** | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


01.12.2011, 21:13   #21
Zyx124

The CCleaner result:
Code:
 3D-Globus DVD 2.0	NATIONAL GEOGRAPHIC	23.05.2009		1.00.0000
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	15.02.2008	14,0MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	21.03.2011		10.2.153.1
Adobe Reader 8.1.3 - Deutsch	Adobe Systems Incorporated	31.12.2008	99,7MB	8.1.3
Adobe SVG Viewer 3.0		19.12.2010	4,78MB	 3.0
ANSTOSS 3		15.05.2008	638MB	
Apple Application Support	Apple Inc.	13.05.2011	51,0MB	1.5.1
Apple Mobile Device Support	Apple Inc.	13.05.2011	21,8MB	3.4.0.25
Apple Software Update	Apple Inc.	13.05.2011	2,26MB	2.1.2.120
ATI Catalyst Install Manager	ATI Technologies, Inc.	13.03.2008	13,8MB	3.0.641.0
ATI Uninstaller	ATI Technologies, Inc.	15.02.2008	13,9MB	
Audacity 1.2.6		22.10.2010	8,43MB	
Avira Free Antivirus	Avira	27.10.2011	153,2MB	12.0.0.861
BDElster-Telemodul		25.02.2010	0,81MB	
Bonjour	Apple Inc.	13.05.2011	1,10MB	2.0.5.0
Buhl finance - tax 2004 Standard	Buhl Data Service GmbH	26.02.2010	1,09MB	5.00
Bullzip PDF Printer 6.0.0.766	Bullzip	30.04.2009	13,8MB	
CCleaner	Piriform	30.11.2011	4,20MB	3.13
Compatibility Pack für 2007 Office System	Microsoft Corporation	19.09.2011	111,0MB	12.0.6514.5001
CorelDRAW(R) Graphics Suite X4	Corel Corporation	31.12.2008	818MB	
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension	Corel Corporation	31.12.2008	1,81MB	
Default	Ihr Firmenname	15.05.2008	1,91MB	1.00.0000
Die Siedler II - Die nächste Generation		06.03.2010	512MB	
Digitale Bibliothek 4		28.02.2009	7,55MB	
FirstSteps Diagnostics	Fujitsu Siemens Computers	30.10.2007	4,67MB	1.00
FUSSBALL MANAGER 09	Electronic Arts	14.10.2010	3.842MB	
Fussball Manager 2003		18.12.2008	801MB	
Garmin Training Center	Garmin Ltd or its subsidiaries	17.09.2010	58,3MB	3.5.3
Garmin USB Drivers	Garmin Ltd or its subsidiaries	17.09.2010	0,12MB	2.3.0.0
Google Earth	Google	27.06.2008	25,3MB	4.3.7204.836
Google Toolbar for Internet Explorer	Google Inc.	17.09.2011	10,7MB	7.1.2003.1856
Google Updater	Google Inc.	02.10.2011	3,99MB	2.4.2432.1652
GPL Ghostscript Lite 8.63		30.04.2009	11,4MB	
HP Customer Participation Program 14.0	HP	14.05.2010	211MB	14.0
HP Imaging Device Functions 14.0	HP	14.05.2010	2,45MB	14.0
HP Photo Creations	HP Photo Creations Powered by RocketLife	23.05.2010	30,1MB	1.0.0.2261
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6	HP	14.05.2010	28,1MB	14.0
HP Smart Web Printing 4.60	HP	14.05.2010	25,4MB	4.60
HP Solution Center 14.0	HP	14.05.2010	2,54MB	14.0
HP Update	Hewlett-Packard	14.05.2010	2,97MB	5.002.002.002
iTunes	Apple Inc.	13.05.2011	143,9MB	10.2.2.14
Java(TM) 6 Update 21	Sun Microsystems, Inc.	31.07.2010	293MB	6.0.210
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	27.11.2011	6,77MB	1.51.2.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	23.08.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	22.08.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	12.08.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	12.08.2010	24,5MB	4.0.30319
Microsoft Office 97, Professional Edition		21.02.2008	960MB	
Microsoft Office Home and Student 2010	Microsoft Corporation	08.10.2011	960MB	14.0.6029.1000
Microsoft Silverlight	Microsoft Corporation	18.10.2011	202MB	4.0.60831.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	28.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	25.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	28.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	27.06.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	30.01.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	25.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	20.10.2011	16,5MB	10.0.40219
Microsoft Works	Microsoft Corporation	12.12.2009	3,40MB	08.05.0822
Motorola SM56 Speakerphone Modem	Motorola Inc	12.08.2010	2,71MB	6.12.25.06
Mozilla Firefox 7.0.1 (x86 de)	Mozilla	15.10.2011	32,8MB	7.0.1
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	30.10.2007	1,27MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	14.11.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
Nero 7 Essentials	Nero AG	30.10.2007	377MB	7.02.5851
OpenOffice.org 3.2	OpenOffice.org	31.07.2010	379MB	3.2.9502
Paint.NET v3.36	dotPDN LLC	26.12.2008	3,97MB	3.36.0
Pingus		11.07.2008		0.7.2
Pixum ePrint 1.2	Diginet GmbH & Co. KG	08.08.2010	8,54MB	1.2.5105.10000
QuickTime	Apple Inc.	13.05.2011	72,8MB	7.69.80.9
Realtek High Definition Audio Driver		30.10.2007		
Safari	Apple Inc.	17.11.2009	37,1MB	5.31.21.10
Shop for HP Supplies	HP	14.05.2010	211MB	14.0
Siedler3		04.03.2010	233MB	
softonic-de3 Toolbar	softonic-de3	03.06.2011	10,3MB	
Spelling Dictionaries Support For Adobe Reader 8	Adobe Systems	31.12.2008	32,5MB	8.0.0
t@x 2009 Standard	Buhl Data Service GmbH	31.12.2009	526MB	16.00.6228
t@x 2010 Standard	Buhl Data Service GmbH	30.01.2010	688MB	17.00.6531
t@x 2011	Buhl Data Service GmbH	03.06.2011	659MB	18.00.6928
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)	Garmin	17.09.2010		06/03/2009 2.3.0.0
Windows Live Anmelde-Assistent	Microsoft Corporation	05.03.2009	1,93MB	5.000.818.6
Windows Live Messenger	Microsoft Corporation	12.03.2008	30,0MB	8.5.1302.1018
Windows Mobile Device Center Driver Update	Microsoft Corporation	31.01.2009	42,4MB	6.1.6965.0
Windows Mobile®-MDA Touch Handbuch	Microsoft Corporation	31.01.2009	25,8MB	1.0
WISO Sparbuch 2005	Buhl Data Service GmbH	20.03.2010	104,3MB	12.00.0000
WISO Sparbuch 2006	Buhl Data Service GmbH	21.03.2010	1.132MB	13.00.0000
         
# 6)
HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:28:58, on 01.12.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine  - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: softonic-de3 - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: t@x aktuell.lnk = C:\Program Files\Buhl finance\tax Steuersoftware 2011\taxaktuell.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game13.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} (Pixum EasyUploadX Control) - hxxp://www.pixum.de/apps/EasyUploadX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA0539F3-C15B-4032-80A3-D7E5DEAB94D1}: NameServer = 62.109.123.7 213.191.92.86
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9440 bytes
         
--- --- ---
A message appeared saying that HijackThis should be run with "Run as administrator" under Vista, but that option was not available... only "Open".

Edited by Zyx124 (01.12.2011 at 21:33)

02.12.2011, 08:17   #22
kira
/// Helper team

TR/Crypt.XPACK.Gen2

Quote:
Originally posted by Zyx124
A message appeared saying that HijackThis should be run with "Run as administrator" under Vista, but that option was not available... only "Open".
Right-click > Properties > Compatibility > [X] Run as administrator > Apply

1.
Windows Defender:
Running it actively alongside an AV program is not recommended, because the two can get in each other's way. Please disable it as follows: -> Turning Windows Defender on and off
Disabling Windows Defender completely

Start => Control Panel => Classic View => Windows Defender, or
start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)

Tools => Options => Automatic scanning => clear the check box "Automatically scan my computer".
Tools => Options => Real-time protection => clear the check box "Use real-time protection".
Tools => Options => Administrator => clear the check box "Use this program".

Start => type services.msc into the search box.
The Services window opens.
Double-click the "Windows Defender" service.
Set the startup type to "Manual".
Stop the service if it is still running.
► After a restart (if it still exists), check under Start -> Run -> "msconfig" (type it without the quotation marks) -> OK -> Startup whether it is still being launched; untick it if necessary.
► Under Services:
Start -> Run -> "Services.msc" (type it without the quotation marks) -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"

2.
The programs/extensions listed here are considered unnecessary; some of them even belong to the most dangerous kind of adware, or to a "foistware" group.
They are part of the default installation of many freeware programs, and sometimes even of paid programs. The range extends from toolbars and other browser add-ons to system utilities, and often the check box is already ticked, so that you have no opportunity to deselect such additional programs.
► Some (quite common) examples - the ones that apply to your computer are marked in red:
Code:
Babylon toolbar
Bing Bar 
Conduit Engine
DAEMON Tools Toolbar 
DVDVideoSoftTB Toolbar
Facemoods Toolbar/Plug-In
Google-Toolbar (Helper) & Partner Service - Google Inc
kikin plugin
McAfee Security Scan Plus <- not harmful, but unnecessary
various all-in-one Windows registry cleaners, free system optimizers, free Windows uninstallers
softonic-de3 Toolbar
(Windows) Searchqu Toolbar
Whenu Save!
YouTube Downloader Toolbar

Here are some of the most common freeware vendors:
File-sharing software (such as uTorrent, eMule & Co), instant-messaging clients, QIP, IZArc, CPUID HWMonitor, Flash Player, Adobe Air, Silverlight, Foxit-Reader, CCleaner, Adobe Reader, Skype, Digsby or the RealPlayer installed with the default settings,
Always choose the custom installation, not the default installation, because otherwise things are often installed along with it that you do not need or do not want.
During installation, please always read the license terms, and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from affiliate programs, sponsors etc., are installed along with it, because that is how freeware finances itself.

A few more belong in this category, e.g.: -> Uninstalling unwanted toolbars
Quote:
It is therefore advisable, after every installation, to check in all installed browsers whether:
the current start page is the one you set yourself?
unwanted add-ons/plug-ins or toolbars are listed under Tools ⇒ Add-ons?
and to look under Software/Programs for any software, toolbars etc. that are unknown to you!
3.
Start FF -> "Help" -> "About Firefox"... version 8 is current!
Code:
Mozilla Firefox 7.0.1

4.
Update:
Quote:
Adobe Flash Player
OpenOffice.org 3.2
5.
Your Java version is out of date!
Because old security vulnerabilities make Java very susceptible to attack, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 29 from Oracle
Make sure to deselect any toolbars that are offered (clear the check box for the toolbar)!

6.
Update Adobe Reader:
- Pay attention and read along during installation! If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for updates..."

7.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system
8.
Quote:
Important!:
If you changed anything in the log file yourself, you must replace it with the original names before pasting it into the script! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
[2011.12.01 20:15:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.12.01 20:08:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.01 07:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

9.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete scan" and click "Next"
  • All malware found is then listed; tick all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics and logs"
  • Click "Show log" - then please save this report and post it here

10.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). Checking the data stored on the storage medium with the help of the free online scanner is very well suited and recommended for this.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key, so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - The AUTORUN function can also be switched off altogether. ►Instructions

-> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanners
Important!: >>You should not install the antivirus security software, only scan your system online<<

11.
Recommendations/suggestions - ► Please do everything "to the letter" as recommended, i.e. proceed very carefully!:
Important!:
For the programs listed, it additionally applies that after an update (AfterUpdate) you must check again under Startup and Services!

How long does startup take? Switching off unnecessary autostart programs:
When Windows boots, some programs are started along with it that have registered themselves in autostart (with or without the user's consent).
The more programs are listed here, the more slowly Windows starts. It can therefore make sense to remove software that you do not necessarily need all the time from autostart.
► "Start -> All Programs -> Accessories -> Run" .. and enter "msconfig" (without the quotation marks) -> OK
Untick everything that should not start, but disable only one at a time (untick), i.e. step by step -> restart...
After the next restart a notification window will appear; tick the box there: `Do not show this message again and do not start this program when Windows starts`
(You can undo this at any time by ticking the box again.)
If you need it at some point, you can also start it manually.
► So you can take them out of autostart one after the other; if the system does not need them, they should be left disabled.

Autostart entries that you cannot find can be fixed with HJT - under the O4 section - (*HijackThis Tutorial in German*):
Close all programs, browsers etc. → start HijackThis → click "Do a system scan only" → select the entry → click "Fix checked" → restart the PC
HijackThis creates a backup. If something goes wrong during "fixing", the objects can be restored under "View the list of backups"
Code:
You should not disable:
Graphics driver
Firewall
Antivirus program
Sound

It is always user-specific (there is no universally valid recipe); I can give you tips.
► Below are the best-known candidates on the list, which you can take out of autostart without hesitation:
Quote:
Marked in black - can be taken out of autostart without hesitation
Marked in red - worth considering whether they should start with autostart
Code:
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
         
12.
► Set unnecessary services to `Manual or Disabled`: Start -> All Programs -> Accessories -> Run -> "Services.msc" (type it without the quotation marks) -> OK -> "Properties" -> "Stop" -> set startup type to "Disabled"
Code:
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
         
13.
Close all programs including Internet Explorer and use HijackThis to fix the entries from the following code box (start HijackThis with a right-click as administrator -> `Do a system scan only` --> select the entries -> tick them -> click "Fix checked" --> restart the PC) - fix ONLY the entries I have specified!:
HijackThis creates a backup. If something goes wrong during "fixing", the objects can be restored under "View the list of backups"
Quote:
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
14.
Post again - after the cleanup has been carried out:
► TrendMicro™ HijackThis™ log file - no open windows as long as HijackThis is running!!

► Report again on the state of the computer. Are there still problems, and if so, which ones?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
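
The fix script in step 8 and the entry in step 13 of the post above largely target registrations whose file or CLSID is gone ("(no file)", "(file missing)"). The following Python sketch is an added example, not part of the original post and not code from HijackThis or OTL: it parses HijackThis log lines, flags such orphaned entries for review, and groups entries by CLSID regardless of letter case. The sample lines are copied from the log posted earlier in this thread; the function and class names are hypothetical.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# A few lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: softonic-de3 - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"""

# A log entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# CLSID in registry notation: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis appends when the referenced file does not exist on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str                  # e.g. "O2"
    body: str                     # everything after "O2 - "
    clsid: Optional[str]          # upper-cased CLSID, if the entry carries one
    orphan_marker: Optional[str]  # "(no file)" / "(file missing)" or None


def parse_log(text: str) -> List[Entry]:
    """Return the registry/autostart entries of a HijackThis log.

    Header lines, the running-process list and blank lines are skipped
    because they do not start with a section code.
    """
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.group(1), match.group(2).rstrip()
        clsid = CLSID_RE.search(body)
        marker = next((m for m in ORPHAN_MARKERS if body.endswith(m)), None)
        entries.append(
            Entry(section, body, clsid.group(0).upper() if clsid else None, marker)
        )
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is missing: leftovers worth reviewing."""
    return [e for e in entries if e.orphan_marker]


def sections_by_clsid(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each CLSID to the sections that register it.

    The same component often appears more than once (here: as a BHO in O2
    and as a toolbar in O3), and tools print the CLSID in differing case,
    so the key is normalised to upper case.
    """
    index = defaultdict(list)
    for e in entries:
        if e.clsid:
            index[e.clsid].append(e.section)
    return dict(index)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f"review {e.section}: {e.body}")
    for clsid, sections in sections_by_clsid(parsed).items():
        if len(sections) > 1:
            print(f"{clsid} registered in {', '.join(sections)}")
```

A flagged entry is only a candidate for review: a missing file usually means an uninstall left the registration behind, which is why the helper names each entry to fix individually.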

04.12.2011, 20:51   #23
Zyx124

TR/Crypt.XPACK.Gen2

I followed steps 1-7; Windows Defender was already disabled.

Here is the result of the fix with OTL:

Code:
 All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14\ deleted successfully.
C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\prxtbsof0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xcel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c3fc103-dc9d-11dc-9d4f-806e6f6e6963}\ not found.
File E:\Autorun.exe not found.
C:\Windows\Tasks\Google Software Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: D***
->Temp folder emptied: 8239256 bytes
->Temporary Internet Files folder emptied: 401970 bytes
->Java cache emptied: 41618520 bytes
->FireFox cache emptied: 43158340 bytes
->Flash cache emptied: 470 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 44812 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: T***
->Temp folder emptied: 916358655 bytes
->Temporary Internet Files folder emptied: 464566132 bytes
->Java cache emptied: 43621069 bytes
->Apple Safari cache emptied: 1604608 bytes
->Flash cache emptied: 141353 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23226785 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.472,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12042011_203135

Files\Folders moved on Reboot...
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_B3FEF9D9-0CC0-4F73-B074-7BEF837C0DA2.0\6A9727E5. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_B3FEF9D9-0CC0-4F73-B074-7BEF837C0DA2.0\F427ED00. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_81C1C343-ED24-44EC-B9F6-0703F64F0597.0\AD028200. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_6FE71D51-9C0E-493D-B9D9-35FB245E02AD.0\2527A216. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_5D2851E7-6AC1-4A88-80E0-BAA4CAB30A28.0\D0DD61C4. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_3C0ECDCA-DB2A-453D-B514-46F3A5C55E3A.0\B8345F5B. not found!
File\Folder C:\Users\T***\AppData\Local\Temp\OICE_2428C7EA-7CD6-4BA1-9866-D79EC3103555.0\6980608B. not found!

Registry entries deleted on Reboot...
         

04.12.2011, 23:33   #24
Zyx124

Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/04/2011 at 11:13 PM

Application Version : 5.0.1136

Core Rules Database Version : 8012
Trace Rules Database Version: 5824

Scan type       : Complete Scan
Total Scan Time : 02:10:36

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 891
Memory threats detected   : 0
Registry items scanned    : 38746
Registry threats detected : 5
File items scanned        : 61924
File threats detected     : 394

Browser Hijacker.Deskbar
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
	HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Adware.Tracking Cookie
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAVEN820.txt [ Cookie:tamara@de.sitestat.com/wkd/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.fachschriften[1].txt [ Cookie:tamara@adserver.fachschriften.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CA5DHC2S.txt [ Cookie:tamara@de.sitestat.com/wkd/lto/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAUMYYKR.txt [ Cookie:tamara@de.sitestat.com/berlitz/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ad.adition[2].txt [ Cookie:tamara@ad.adition.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.versicherung-in[3].txt [ Cookie:tamara@www.versicherung-in.de/counter/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAUA1NO8.txt [ Cookie:tamara@de.sitestat.com/laola1/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wjkogncpefq.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wjkogncpefq.stats.esomniture.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ehg-nokiafin.hitbox[1].txt [ Cookie:tamara@ehg-nokiafin.hitbox.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@rambler[1].txt [ Cookie:tamara@rambler.ru/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@spylog[2].txt [ Cookie:tamara@spylog.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wfkyqkd5elp.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wfkyqkd5elp.stats.esomniture.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@webstat[1].txt [ Cookie:tamara@webstat.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tracking.hannoversche[2].txt [ Cookie:tamara@tracking.hannoversche.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.googleadservices[1].txt [ Cookie:tamara@www.googleadservices.com/pagead/conversion/988366977/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAVS9IQV.txt [ Cookie:tamara@de.sitestat.com/hk/kiel/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@stats.verlag-henrich[1].txt [ Cookie:tamara@stats.verlag-henrich.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.usenext[2].txt [ Cookie:tamara@www.usenext.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.yopi[1].txt [ Cookie:tamara@adserver.yopi.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@count.gjuce[1].txt [ Cookie:tamara@count.gjuce.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@himedia.individuad[2].txt [ Cookie:tamara@himedia.individuad.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@go.dynamic-tracking[1].txt [ Cookie:tamara@go.dynamic-tracking.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tracking.haribo[1].txt [ Cookie:tamara@tracking.haribo.de/tracker/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@banner.21nova[2].txt [ Cookie:tamara@banner.21nova.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@stats.pronet-media[1].txt [ Cookie:tamara@stats.pronet-media.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@interclick[2].txt [ Cookie:tamara@interclick.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adt.traffictrack[2].txt [ Cookie:tamara@adt.traffictrack.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adx.chip[1].txt [ Cookie:tamara@adx.chip.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@wissende.122.2o7[1].txt [ Cookie:tamara@wissende.122.2o7.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CASLCP44.txt [ Cookie:tamara@track.webtrekk.de/511731243725473/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@media.hotels[2].txt [ Cookie:tamara@media.hotels.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAE3JPH7.txt [ Cookie:tamara@de.sitestat.com/ullapopken/de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@mediabrandsww[2].txt [ Cookie:tamara@mediabrandsww.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@bwr-media[2].txt [ Cookie:tamara@bwr-media.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@server.lon.liveperson[4].txt [ Cookie:tamara@server.lon.liveperson.net/hc/85950269 ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www3.addfreestats[1].txt [ Cookie:tamara@www3.addfreestats.com/cgi-bin ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@skydeutschland.122.2o7[1].txt [ Cookie:tamara@skydeutschland.122.2o7.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.conversiontracker[1].txt [ Cookie:tamara@www.conversiontracker.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adsonar[2].txt [ Cookie:tamara@adsonar.com/adserving ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserv-new.20six[1].txt [ Cookie:tamara@adserv-new.20six.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAFC135F.txt [ Cookie:tamara@de.sitestat.com/laola1/hsv-tv/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.teriotracker[1].txt [ Cookie:tamara@www.teriotracker.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver.mainz05.onvert[1].txt [ Cookie:tamara@adserver.mainz05.onvert.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ww251.smartadserver[2].txt [ Cookie:tamara@ww251.smartadserver.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAVUDNBG.txt [ Cookie:tamara@de.sitestat.com/otto-de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@liveperson[2].txt [ Cookie:tamara@liveperson.net/hc/85950269 ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAQOR3VP.txt [ Cookie:tamara@track.webtrekk.de/268040321250775/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.webgains[1].txt [ Cookie:tamara@track.webgains.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wjlychczsep.stats.esomniture[1].txt [ Cookie:tamara@e-2dj6wjlychczsep.stats.esomniture.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@traveladvertising[1].txt [ Cookie:tamara@traveladvertising.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.123-counter[1].txt [ Cookie:tamara@www.123-counter.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@fl01.ct2.comclick[2].txt [ Cookie:tamara@fl01.ct2.comclick.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@okmedia[1].txt [ Cookie:tamara@okmedia.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@generic-stats[1].txt [ Cookie:tamara@generic-stats.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ad-dus01.stangermedia[2].txt [ Cookie:tamara@ad-dus01.stangermedia.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.counter[1].txt [ Cookie:tamara@www.counter.gd/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ehg-yvesrocher.hitbox[1].txt [ Cookie:tamara@ehg-yvesrocher.hitbox.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@tacoda[2].txt [ Cookie:tamara@tacoda.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@frontlinegmbh.122.2o7[1].txt [ Cookie:tamara@frontlinegmbh.122.2o7.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\17V34CGW.txt [ Cookie:tamara@ad3.adfarm1.adition.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAK5M5FE.txt [ Cookie:tamara@de.sitestat.com/otto-de/otto-de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@secmedia[1].txt [ Cookie:tamara@secmedia.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@komtrack[1].txt [ Cookie:tamara@komtrack.com/tr ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@uk.sitestat[3].txt [ Cookie:tamara@uk.sitestat.com/fulhamfc/fulhamfc/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@waterbeddiscount-hamburg[2].txt [ Cookie:tamara@waterbeddiscount-hamburg.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wckyooczclq.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wckyooczclq.stats.esomniture.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@zieltrack[1].txt [ Cookie:tamara@zieltrack.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ad.dyntracker[3].txt [ Cookie:tamara@ad.dyntracker.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@daimlerag.122.2o7[1].txt [ Cookie:tamara@daimlerag.122.2o7.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.mein-schoener-garten[2].txt [ Cookie:tamara@www.mein-schoener-garten.de/de/toplisten/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.franke-media[2].txt [ Cookie:tamara@www.franke-media.net/piwik/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@eyewonder[1].txt [ Cookie:tamara@eyewonder.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@clkads[2].txt [ Cookie:tamara@clkads.com/adServe/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@kontera[2].txt [ Cookie:tamara@kontera.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@vogelservices.122.2o7[1].txt [ Cookie:tamara@vogelservices.122.2o7.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@reztrack[1].txt [ Cookie:tamara@reztrack.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@eaeacom.112.2o7[1].txt [ Cookie:tamara@eaeacom.112.2o7.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAL9DXVR.txt [ Cookie:tamara@de.sitestat.com/sueddeutscher/ecomed-sicherheit/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.bambus-discount[1].txt [ Cookie:tamara@www.bambus-discount.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ads1.steereo[1].txt [ Cookie:tamara@ads1.steereo.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@autoservicefinder[1].txt [ Cookie:tamara@autoservicefinder.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@trafficer[1].txt [ Cookie:tamara@trafficer.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@agofev.122.2o7[1].txt [ Cookie:tamara@agofev.122.2o7.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ad4.adfarm1.adition[2].txt [ Cookie:tamara@ad4.adfarm1.adition.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAJKWWGE.txt [ Cookie:tamara@www.googleadservices.com/pagead/conversion/1066798348/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@track.webtrekk[2].txt [ Cookie:tamara@track.webtrekk.de/562243648792138/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adcentriconline[2].txt [ Cookie:tamara@adcentriconline.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ad.zanox[1].txt [ Cookie:tamara@ad.zanox.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.googleadservices[11].txt [ Cookie:tamara@www.googleadservices.com/pagead/conversion/1045188287/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@delivery.atkmedia[2].txt [ Cookie:tamara@delivery.atkmedia.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@in.mydirtyhobby[1].txt [ Cookie:tamara@in.mydirtyhobby.com/track/vZIPADkU,33/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@adserver2.clipkit[1].txt [ Cookie:tamara@adserver2.clipkit.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@liveperson[1].txt [ Cookie:tamara@liveperson.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@www.googleadservices[2].txt [ Cookie:tamara@www.googleadservices.com/pagead/conversion/1069534991/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@unitymedia[2].txt [ Cookie:tamara@unitymedia.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@trackingcdn.porsche[2].txt [ Cookie:tamara@trackingcdn.porsche.com/track/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@e-2dj6wnmykmczoho.stats.esomniture[2].txt [ Cookie:tamara@e-2dj6wnmykmczoho.stats.esomniture.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\HVAQ5V6W.txt [ Cookie:tamara@clkads.com/adServe/banners ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@plandeutschland.122.2o7[1].txt [ Cookie:tamara@plandeutschland.122.2o7.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@ru4[1].txt [ Cookie:tamara@ru4.com/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@yieldmanager[1].txt [ Cookie:tamara@yieldmanager.net/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@nfm-adserver[2].txt [ Cookie:tamara@nfm-adserver.de/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@CAD2D30Y.txt [ Cookie:tamara@de.sitestat.com/sueddeutscher/ ]
	C:\USERS\TAMARA\AppData\Roaming\Microsoft\Windows\Cookies\Low\tamara@questionmarket[1].txt [ Cookie:tamara@questionmarket.com/ ]
	C:\USERS\TAMARA\Cookies\tamara@atwola[2].txt [ Cookie:tamara@atwola.com/ ]
	C:\USERS\TAMARA\Cookies\tamara@weborama[2].txt [ Cookie:tamara@weborama.fr/ ]
	C:\USERS\TAMARA\Cookies\tamara@content.yieldmanager[1].txt [ Cookie:tamara@content.yieldmanager.com/ ]
	C:\USERS\TAMARA\Cookies\tamara@adserver.71i[1].txt [ Cookie:tamara@adserver.71i.de/ ]
	C:\USERS\TAMARA\Cookies\tamara@adtech[1].txt [ Cookie:tamara@adtech.de/ ]
	C:\USERS\TAMARA\Cookies\tamara@apmebf[1].txt [ Cookie:tamara@apmebf.com/ ]
	C:\USERS\TAMARA\Cookies\tamara@tacoda[2].txt [ Cookie:tamara@tacoda.net/ ]
	C:\USERS\TAMARA\Cookies\tamara@advertising[1].txt [ Cookie:tamara@advertising.com/ ]
	.doubleclick.net [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.olympiaverlag.122.2o7.net [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.zanox-affiliate.de [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	tracking.quisma.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	ad.dyntracker.de [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\DANNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9DC06AAU.DEFAULT\COOKIES.SQLITE ]
	C:\USERS\TAMARA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\TAMARA@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]

Trojan.Agent/Gen-Krpytik
	C:\PROGRAM FILES\BUHL FINANCE\TAX 2004\PROGRAMM\VJV2000\BERE2000.DLL
         

17.12.2011, 07:48   #25
kira
/// Helper Team

Have you still not fully carried out my instructions!
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

17.12.2011, 23:12   #26
Zyx124

Here is the result of the ESET Online Scan:

Code:
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a622ba35139069429d404bb4baa868a2
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-12 09:24:05
# local_time=2011-12-12 10:24:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 954474 954474 0 0
# compatibility_mode=1792 16777215 100 0 4580930 4580930 0 0
# compatibility_mode=5892 16776638 100 100 1322896 161252843 0 0
# compatibility_mode=8192 67108863 100 0 3827 3827 0 0
# scanned=30699
# found=0
# cleaned=0
# scan_time=4930
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a622ba35139069429d404bb4baa868a2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-17 09:53:21
# local_time=2011-12-17 10:53:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 1378190 1378190 0 0
# compatibility_mode=1792 16777215 100 0 5004646 5004646 0 0
# compatibility_mode=5892 16776638 100 100 1746612 161676559 0 0
# compatibility_mode=8192 67108863 100 0 427543 427543 0 0
# scanned=181963
# found=0
# cleaned=0
# scan_time=14971
         

18.12.2011, 00:16   #27
Zyx124

I have carried out the next steps;
at #13 I could not find the entry
Code:
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
         
so fixing it was not possible.

At #14 no log file could be created.

Otherwise I cannot see any problems at the moment.

Last edited by Zyx124 (18.12.2011 at 00:24)

18.12.2011, 07:59   #28
kira
/// Helper Team

Quote:
Quote from Zyx124

At #14 no log file could be created.
Why not?
► Right-click the HijackThis tool -> choose "Run as administrator"...

18.12.2011, 18:03   #29
Zyx124

That is exactly the problem:
on right-click only "Open" appears, but not "Run as administrator".
This is regardless of whether I try to start HijackThis via the desktop icon or via Start/Programs.

19.12.2011, 08:41   #30
kira
/// Helper Team

Right-click > Properties > Compatibility > [X] Run this program as an administrator > Apply
