Pests of all kinds and how to combat them: TR/Crypt.XPACK.Gen2
15.11.2011, 01:21 | #1 |
| TR/Crypt.XPACK.Gen2 Hello, I have the following problem: my computer appears to be infected with the trojan named above. In any case, the AntiVir real-time scanner reports it but cannot remove it. In addition, the desktop background is black (instead of the previous Windows background), and My Documents as well as all the "quick access functions" (which are visible when Windows starts) have disappeared. Only "All Programs" still appears to be accessible. I have scanned the computer with AntiVir and S&D. After reading up on this trojan on the web, I came across this board. Having learned a fair amount about the trojan and the general (scan) procedure, here are the results of the OTL scan. The results are attached. I hope you can look into my problem and help me clean my computer. Btw, this trojan seems to be aimed in particular at spying out passwords (online banking, among others). So, could problems or dangers arise in the future, even after a supposed cleanup? Many thanks in advance. Regards |
15.11.2011, 07:06 | #2 |
/// Helper Team | TR/Crypt.XPACK.Gen2 Hello and a warm welcome!
Before we begin working together, [please read completely]: Quote:
For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"! 1. Quote:
Quote:
Windows Defender: running it actively in parallel with Avira is not recommended, because the two can get in each other's way. Please deactivate it as follows: -> http://windows.microsoft.com/de-AT/w...nder-on-or-off
Disable Windows Defender completely:
Start => Control Panel => Classic View => Windows Defender, or start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)
Tools => Options => Automatic scanning => remove the check mark at "Automatically scan my computer".
Tools => Options => Real-time protection => remove the check mark at "Use real-time protection".
Tools => Options => Administrator => remove the check mark at "Use this program".
Start => type services.msc into the search box. The Services window opens.
Double-click the "Windows Defender" service.
Change the startup type to "Manual".
Stop the service if it is still started.
3. Download Malwarebytes Anti-Malware from → malwarebytes.org
4. If it was installed without your permission and you do not need it, you can uninstall it: Code:
softonic-de3 Toolbar
5. Fix with OTL
Code:
:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKCU..\Run: [] File not found
[2011.11.14 22:35:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.14 22:30:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.14 21:59:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:Commands
[purity]
[REBOOT]
6. Run another system scan with OTL
7. I would also like to see all your installed programs: download the tool CCleaner → Download, install it (read the software license agreement; if it is offered, deselect "Add CCleaner Yahoo! Toolbar") → start it → Language → select German, then click "Extra" (to display the installed programs as well) → then "Save as text file...": a text file (*.txt) is created; copy its content and paste it here.
8. Please right-click the AntiVir umbrella in the taskbar → Start AntiVir → Overview → Events, select every detection → right-click the detections → Export event(s), save it as Ereignisse.txt on the desktop and post the content here. Quote:
kira
__________________ Last edited by kira (15.11.2011 at 07:24) |
16.11.2011, 21:39 | #3 |
| TR/Crypt.XPACK.Gen2 Hello,
I followed step 1) and downloaded and ran Unhide.exe. The second time, following the hint from Unhide.exe, I temporarily deactivated AntiVir. The recently used programs that were invisible in the Start menu have become visible again, as have the desktop icons, although I am not sure whether really all of them are visible again. At the moment I cannot say which one(s) is/are missing, but overall fewer seem to be visible than before the infection. Furthermore, the right-hand column of the Start menu (My Documents folder, Control Panel, Network, etc.) is not visible. In this column only "recently used" is visible, but it is empty. I can view and open my own files again via the desktop and the respective paths. My desktop background is still black. Should I continue with step 2)? I am asking because not everything is visible / back to its previous state yet. Thanks & regards |
17.11.2011, 13:24 | #4 |
/// Helper Team | TR/Crypt.XPACK.Gen2 Yes, please continue; we cannot do more at the moment. Whether all kinds of damage can be repaired remains to be seen...
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file as attachment! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! Last edited by kira (17.11.2011 at 13:35) |
18.11.2011, 00:24 | #5 |
| TR/Crypt.XPACK.Gen2 So, continuing... I followed step 2 / deactivating Windows Defender. Here is the result from Malwarebytes: Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8184

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

18.11.2011 00:08:24
mbam-log-2011-11-18 (00-08-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 391022
Laufzeit: 2 Stunde(n), 35 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\D***\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44\141b5f6c-29fd69ce (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
|
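Added example (not part of any post in this thread and not Malwarebytes code): a small parser for the Malwarebytes 1.x text log format posted above, which groups detections by name, lists the registry settings that were reset, collects the keys that share one CLSID, and checks the summary counts against the entries actually present. It assumes one entry per line, as in the original log file; the function names and the shortened sample are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: shortened from the Malwarebytes 1.51 log in this thread,
# one entry per line, with the summary counts adjusted to the shortened list.
SAMPLE_LOG = r"""
Infizierte Speicherprozesse: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\D***\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44\141b5f6c-29fd69ce (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
"""

# "<object> (<detection name>) -> [Bad: (x) Good: (y) -> ]<action>."
ENTRY = re.compile(
    r"^(?P<object>.+?) \((?P<name>[\w.\-]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
COUNT = re.compile(r"^(?P<section>[^:]+): (?P<count>\d+)$")   # summary line
HEADER = re.compile(r"^(?P<section>[^:()]+):$")               # section heading
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_mbam_log(text):
    """Return (declared, parsed, findings).

    declared: counts from the summary block; parsed: entries found per
    section heading; findings: one dict per detection line.
    """
    declared, parsed, findings, section = {}, {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header, entry, count = HEADER.match(line), ENTRY.match(line), COUNT.match(line)
        if header:
            section = header["section"]
            parsed.setdefault(section, 0)
        elif entry and section is not None:
            findings.append({"section": section, **entry.groupdict()})
            parsed[section] += 1
        elif count and section is None:   # summary block precedes the sections
            declared[count["section"]] = int(count["count"])
    return declared, parsed, findings


def detections_by_name(findings):
    """Number of detections per detection name."""
    return dict(Counter(f["name"] for f in findings))


def count_mismatches(declared, parsed):
    """Sections whose summary count differs from the entries present,
    which is what a truncated or edited paste looks like."""
    return {s: (declared.get(s), n) for s, n in parsed.items() if declared.get(s) != n}


def clsid_groups(findings):
    """Map each CLSID to the objects naming it; upper-cased because the
    log writes the same GUID as both ...4e15... and ...4E15...."""
    groups = defaultdict(list)
    for f in findings:
        for guid in CLSID.findall(f["object"]):
            groups[guid.upper()].append(f["object"])
    return dict(groups)


def changed_settings(findings):
    """Registry data items as (value name, value found, default restored)."""
    return [(f["object"].rsplit("\\", 1)[-1], f["bad"], f["good"])
            for f in findings if f["bad"] is not None]


if __name__ == "__main__":
    declared, parsed, findings = parse_mbam_log(SAMPLE_LOG)
    print(detections_by_name(findings))
    print(changed_settings(findings))
    print(count_mismatches(declared, parsed) or "summary counts match the entries")
```

The two `PUM.Hijack.StartMenu` items are Start menu visibility settings that had been set to 0, which fits the missing Start menu entries described in posts #1 and #3.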
18.11.2011, 01:17 | #6 |
| TR/Crypt.XPACK.Gen2 I applied step 5 / fix with OTL, but could not find any .txt file after the restart. Where should it be? (Probably in the folder where the OTL application is located, right? Unfortunately I cannot find it there.) With step 6 / system scan with OTL I was more successful, though. Here are the results: OTL.txt OTL logfile:
ATTFilter OTL logfile created on: 18.11.2011 00:56:17 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\D***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,91% Memory free 3,98 Gb Paging File | 2,95 Gb Available in Paging File | 74,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 147,29 Gb Total Space | 63,70 Gb Free Space | 43,25% Space Free | Partition Type: NTFS Drive D: | 73,64 Gb Total Space | 72,15 Gb Free Space | 97,97% Space Free | Partition Type: NTFS Computer Name: H*** | User Name: D*** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\D***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34534__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34592__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.34821__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.34808__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34570__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34591__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.34693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.34761__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.34851__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.34776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2589.34843__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.34857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.34781__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34549__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.34773__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2589.34842__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.34815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.34707__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34606__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34557__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.34795__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34599__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.34728__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.34703__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.34727__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () 
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34612__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.34698__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.34748__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34613__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.34694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.34702__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.34747__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2589.34827_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.34878__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.34834__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.34833__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34565__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2589.34827__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34533__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34543__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34533__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.34834__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2589.34532__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll () ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (SSHDRV85) -- C:\Windows\System32\drivers\SSHDRV85.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.15 20:24:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.16 14:29:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: 
C:\Program Files\Mozilla Firefox\plugins [2011.10.16 14:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D***\AppData\Roaming\mozilla\Extensions [2011.10.16 14:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2009.09.06 08:16:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E8D4F1F-A046-4298-B111-550053B2421C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EF3BF4C-F6B3-438F-8402-7DAD0C622F39}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.18 00:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.17 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\D***\AppData\Roaming\Malwarebytes
[2011.11.17 20:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.17 20:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.17 20:49:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.17 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.15 01:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.11.15 01:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.11.13 22:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.11.13 22:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.11.13 22:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.11.13 21:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.10.20 20:35:43 | 000,000,000 | ---D | C] -- C:\Users\D***\AppData\Roaming\Avira
[2011.10.20 20:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.20 20:33:12 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.20 20:33:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.20 20:33:11 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.20 20:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.20 20:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.19 21:29:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.19 21:29:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.19 21:29:03 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.19 21:29:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.19 21:29:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.18 00:48:13 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.18 00:45:52 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 00:45:52 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 00:45:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.18 00:45:35 | 2011,283,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.17 20:49:25 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.15 01:20:14 | 000,014,410 | ---- | M] () -- C:\Users\D***\Desktop\Extras.zip
[2011.11.15 01:08:04 | 000,008,801 | ---- | M] () -- C:\Users\D***\Desktop\OTL.zip
[2011.11.15 01:07:39 | 000,001,032 | ---- | M] () -- C:\Users\D***\Desktop\Gmer.zip
[2011.11.14 22:19:43 | 000,000,000 | ---- | M] () -- C:\Users\D***\defogger_reenable
[2011.11.13 22:32:57 | 000,001,061 | ---- | M] () -- C:\Users\D***\Desktop\Spybot - Search & Destroy.lnk
[2011.11.13 20:08:53 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.13 20:08:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.13 20:08:53 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.13 20:08:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.21 19:28:29 | 000,000,680 | ---- | M] () -- C:\Users\D***\AppData\Local\d3d9caps.dat
[2011.10.20 20:09:43 | 000,414,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.18 00:48:12 | 000,000,974 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.17 20:49:25 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.15 01:20:26 | 000,014,410 | ---- | C] () -- C:\Users\D***\Desktop\Extras.zip
[2011.11.15 01:10:51 | 000,001,032 | ---- | C] () -- C:\Users\D***\Desktop\Gmer.zip
[2011.11.15 01:10:41 | 000,008,801 | ---- | C] () -- C:\Users\D***\Desktop\OTL.zip
[2011.11.14 22:19:43 | 000,000,000 | ---- | C] () -- C:\Users\D***\defogger_reenable
[2011.11.13 22:32:57 | 000,001,061 | ---- | C] () -- C:\Users\D***\Desktop\Spybot - Search & Destroy.lnk
[2010.08.13 09:33:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.13 09:33:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.12 11:55:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.09 21:05:04 | 000,000,037 | ---- | C] () -- C:\Windows\eprint.INI
[2010.08.07 22:03:57 | 000,000,680 | ---- | C] () -- C:\Users\D***\AppData\Local\d3d9caps.dat
[2010.05.15 20:12:49 | 000,179,649 | ---- | C] () -- C:\Windows\hpoins38.dat.temp
[2010.05.15 20:12:49 | 000,000,622 | ---- | C] () -- C:\Windows\hpomdl38.dat.temp
[2010.05.15 17:35:10 | 000,182,964 | ---- | C] () -- C:\Windows\hpoins38.dat
[2010.05.15 17:35:09 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat
[2010.03.21 22:36:03 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys
[2010.02.14 16:58:30 | 000,000,024 | ---- | C] () -- C:\Windows\tm.ini
[2010.02.14 15:01:44 | 000,000,248 | ---- | C] () -- C:\Windows\BUHL.INI
[2009.12.09 20:00:24 | 000,001,294 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.01.01 14:26:37 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.01.01 14:26:37 | 000,000,088 | RHS- | C] () -- C:\ProgramData\49D5FA307F.sys
[2008.12.22 19:55:19 | 000,003,584 | ---- | C] () -- C:\Users\D***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.13 22:52:54 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 22:09:43 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2008.02.22 22:09:42 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.02.22 22:09:42 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.16 17:15:31 | 000,000,778 | ---- | C] () -- C:\Windows\eReg.dat
[2007.10.31 10:36:11 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.10.31 10:36:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.31 10:36:10 | 000,128,813 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_3.dll
[2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_2.dll
[2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_1.dll
[2007.06.27 12:22:54 | 000,692,224 | ---- | C] () -- C:\Windows\libcurl.dll
[2006.11.02 16:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,414,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1997.09.04 00:00:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

< End of report >

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 18.11.2011 00:56:17 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\D***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,91% Memory free
3,98 Gb Paging File | 2,95 Gb Available in Paging File | 74,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,29 Gb Total Space | 63,70 Gb Free Space | 43,25% Space Free | Partition Type: NTFS
Drive D: | 73,64 Gb Total Space | 72,15 Gb Free Space | 97,97% Space Free | Partition Type: NTFS

Computer Name: H*** | User Name: D*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03815124-18D5-4403-B6E0-5022896F851D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0784789C-A995-4B16-AD2A-533142DF48F3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{08FAD53D-6764-4E0C-9CD6-96FA08004D1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A09CA97-CC0F-4673-8624-FD788D2AEA3F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0B79A398-D137-4742-9579-FCAB4D55BEA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{10B86021-F184-43DE-BE05-42646B27BEC2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10CF6925-3D48-44AE-B79D-B5D062AD98DB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1157AC94-8F81-4DE3-946B-8B5CD1B2F01D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1521D7B9-3C80-4963-9DB3-25FDB19611F5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{201967BE-5321-4634-8414-7FD55D267EA4}" = lport=5357 | protocol=6 | dir=in | app=system |
"{22E76731-0A68-4374-89C9-7B83BAF72C98}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{26B55C68-1D0B-4968-BEB8-ACE3E5D46030}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{3106AA19-568C-4355-9457-632CE73ED94E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{31E75A0D-D1B5-4F7C-9E43-4B57F7E8B837}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{3649612D-2E15-47D0-9E11-3CDE91132E9F}" = rport=5357 | protocol=6 | dir=out | app=system |
"{3740ABC6-8F1C-441F-889B-7B7542B34D6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3EDE2497-C8E8-49DD-B59F-C1D6D8066692}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{3F69EFD1-7A7A-4328-B8B2-DDCE48F5F62A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{42E6A37E-6801-4BB7-9DB5-DB9209B8DA19}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{44024047-7085-426D-A02E-7F440BED01F4}" = rport=5358 | protocol=6 | dir=out | app=system |
"{460A7FA4-DE3A-4F3B-9BAB-6EC2A52DF809}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4ADB6BE4-ED64-4D63-A3FE-26046D59F41F}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{4C2127AB-4AA4-4899-8A84-AFDDADBA91AA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{50B3AAD6-EF7F-48DE-88DB-DE79A02BA001}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B95CAFB-50EB-4AA8-BCD4-3ED448BB5075}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5DBDB395-7C15-49E4-A267-B92BEA82CAEA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5E53AF24-A693-4C85-B7F4-CB81E1CCBE9F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5EFA513F-36A2-48A7-872E-34453782D2A8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{66A52798-37AA-42CB-9039-3479B9F6DBAE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6D64EEC9-528A-4EAB-B5AE-BE17FF8F1559}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7523C062-99C3-4D7C-99AB-6764B5457578}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{84A22DEB-BE46-4888-BC6B-21FEC078C833}" = lport=2869 | protocol=6 | dir=in | app=system |
"{867BFC63-BEED-402D-8E66-CE5B5A3AA079}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8CEA0030-C8B0-450E-AF99-A35538D67CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93E2B2B7-A3F2-49D3-B719-9C4AA47F470E}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{94612743-FB2D-4F9A-ACF1-91CB23529D5C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{963FC710-AC5A-4CEF-9B63-45CA73553694}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9B3A698B-E0C7-455D-99A8-BBB975ED4785}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A1AEF819-DEE0-4738-8747-5C7881074A2A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A502A13B-023C-44CC-8AAB-9477F15303F6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A6FB03E6-1D71-4C29-89C7-47AF29A7FA43}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B2939187-EA21-40A7-9DC5-B852E5C8B23F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BCD8B253-6684-4F4D-881E-71431276FC2B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BCF85254-C428-4FD2-BE5C-AB0186C57FAB}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BE6CC0A0-0843-4B80-912D-F44231A8AECF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BEF3C52A-BF45-45D5-8601-428D9C0D9DF3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C499D6AA-A352-4704-AE00-4D909DB2CD0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7536E93-FD8E-443F-864E-7AFBD4EDA02A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D07F9716-F2DF-4703-93D9-229FA3FBBFB7}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{D13F24B7-A166-4EB4-80D0-D1BE9F90EF59}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{D1AC7322-4777-4940-B7A3-17EE26F6CA57}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E7B89B54-3233-4084-93C0-0848E5966932}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{EC9A2D6D-1664-400A-B8FD-EC1603128B7B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EDB1C69A-0A44-49EB-8A54-DC7323345BBE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4EE9210-B533-456F-8D56-37B7DDA47E56}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F8891D9B-F045-49F8-934D-0C768F168923}" = lport=5358 | protocol=6 | dir=in | app=system |
"{FFE9CEF5-112E-4B7A-BAF8-4A25BECA686F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5A5FA-7090-440E-A4CE-BE1576D18D3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0738BA49-FEDD-4877-A6DD-D435A0B7FD74}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{11219396-CB69-4CAE-B302-3BAA3E43A58E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1337B7B0-F15C-4CB1-BB8F-6A75FC6830E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{134DF7D5-96AA-4925-A67D-5C11815BCDD5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{18CD1637-239F-468C-AF72-483A93C869AC}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{18D49F0C-1D05-4A21-8C26-C9A38C7A71D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{1916216E-EAD6-4CC4-AD33-553FEE14BADE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{1D36D89E-F319-4BFB-BBB5-B5F93EF73E2D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2005DD88-F341-47D4-890D-272B1B88587B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{256E5AF1-B5C2-4D8E-B98A-C036B24840D1}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{2C3C7AF5-E4BC-48F3-B683-C21837E026E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3EA572FE-9743-469A-8157-BB277EA1E7EF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{428787B7-C8D9-40AC-990E-E381C29FC308}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{511E40B3-E5F8-4FB2-9514-ABEE2560D248}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{58838C00-1FD9-4A60-AEEA-121C9F2D4183}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A08A4E3-AAED-419D-B1FC-09242A0B9A95}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5C4E39C8-45FF-4CA0-9F8E-37D438D227CB}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{7156B9C8-FDDD-4856-8308-A4294EFE295F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{728DED85-7C4C-436B-B0F2-B0E3C2E0C52B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{7C882E1E-81FE-41EA-8238-2AF036DFEB5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{852177A9-B432-40FC-BFCC-067F13099F45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{917F5B78-0C1C-4F0D-8BBE-FC0B04223EC6}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{91E93FF4-0F7F-4D24-90DB-7BCD4726018C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9456AAA2-5A21-4C83-AFE5-D435D22A65A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{94C4A150-1D94-4450-ACD9-61240C3C1097}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{96716147-F4C3-4A8F-9F94-C9096B1063E7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9A0B92A5-1DE7-4855-BD46-3954AEA4E9A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D5B5063-74CA-4DEA-A4C5-7DAD0D6B24B9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{9F5B793D-93A5-47C5-8440-CE41DB4D081A}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A7CD4FA9-FFF9-49E5-8F74-65DA5F432696}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{ABFB6E91-FA92-4D33-8A60-034AE4B95C8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AF7016AC-944C-499A-B4DF-EB97B151B933}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{B201EC31-C2B2-4B80-8520-B0CC5A996E11}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B2B92696-4DB9-4645-9AD9-BF578F24BA48}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{B6F570B4-3490-4FF6-9657-C89DA5B92C93}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B6FA6634-54C2-4171-A4AC-917123EE9503}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{B70CFD70-331B-458F-8351-7ACC3168279C}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{C64F857B-1AE6-40CA-9F66-37C624C1195D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CD3B41D0-DBB7-4255-9BA6-260C9227FB5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE750F41-D471-4F35-9EE9-D34F1A39E6CB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D2118D81-D8BE-4C06-B4DF-38F2E900AE4C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D3959EA2-4375-4B83-8338-E53DECD98AB6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D41A088E-D928-4E2D-A9FB-803054DF0028}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{D9739EE4-6DA1-4E6C-ADCA-724C5FD08913}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{DD73F1A1-DE6E-4ED5-87A5-59DD9EE81913}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E01F1D56-23A4-454D-A3CD-4504947115E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3B9BD05-7A98-458E-87F0-D7A71762BEBD}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E7C4AF19-F429-43FD-8F03-D3C00D509A21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E9070B8F-F7C5-46B5-9D01-3BE7F1538114}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{EBD17ED9-12DD-4C3A-B001-6CDDADEC0C42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{EBE5F861-0F7B-47F6-81A3-B44A9D1BBFB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{EC40408B-2955-46CE-AEAB-D6CA1AADBDEB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8633CC1-6E8A-433F-B2F0-8E193B07E13D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{42D1D9AC-4E47-4EA3-960C-185925890B0F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{55BA070B-2615-49E9-BE35-A45B35F55D58}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{67D47B24-EE4F-4B55-B21A-772C0B5F369D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6936A263-F18A-404D-97BC-B39DA34DC4B0}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{6A836EE1-732D-464E-BAAA-8E0304DF4959}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{341BA61D-4790-4D5B-AEF5-22EF03989E48}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3A5F5B6C-D220-488C-AEA5-970DA3E9AEA7}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{3BD38682-A47F-4BFA-9944-27D354A7C9BC}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{8E8DD0FE-18F4-450E-BA9C-E1DD0CB79FFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EB88814E-1E38-4D5F-BFAA-155A78B7034B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028741EB-70F5-BF63-EB23-480A7C48F096}" = CCC Help German
"{0343FEB6-43EA-0608-CF1F-6B4D20784AA8}" = Catalyst Control Center Localization Italian
"{03B5882D-D9DB-B950-CBE1-D03DDBFFF458}" = CCC Help Chinese Traditional
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B3A67B0-F54D-2F98-763C-B8E309135C38}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{1F9B00FC-AD74-A45C-3E73-83CF895E9CD0}" = Catalyst Control Center Localization Spanish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29F482A1-9828-5830-1F96-798E75CB90EB}" = CCC Help French
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2B541619-4920-A88A-AEB6-C4E76672B726}" = ccc-utility
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status "{30A9E47D-2B18-43FC-A562-8D1E3511C737}" = TablePlanner "{32AFDE70-6890-478B-BC92-8F3C76B8A77B}" = Branding "{37AF3415-B43F-FB0B-124B-4B207657DF66}" = Catalyst Control Center Localization Japanese "{396FD726-254C-40D8-8EB6-A00703F134BF}" = Buhl finance - tax 2004 Standard "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E5D1BD1-3451-15A7-D5EB-FB4C1C713C33}" = Catalyst Control Center Localization Chinese Standard "{3FB83D9B-35B3-44E2-639B-6839332BBB29}" = Catalyst Control Center Localization Portuguese "{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4 "{48FD4CEC-7ED7-5220-2032-E780075764E4}" = CCC Help Japanese "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{587601F9-A917-AE27-263A-0854BE106BE9}" = Catalyst Control Center Localization German "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter "{60101C13-2C13-48FB-855D-33D9F3013133}" = B109a-m "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer "{625309B9-9853-B259-CA17-DA4838E2D7C6}" = Catalyst Control Center Localization Dutch "{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{66E98E51-BFF9-5922-1316-7AF58170CA54}" = Catalyst Control Center Graphics Light "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C97813-ADFC-AA48-D24F-17E6CD41B413}" = Skins "{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = 
HP Update "{74EF2D1D-D3A6-3A56-1DD7-56A338BADD29}" = CCC Help Chinese Standard "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{787AD427-7FEB-A87C-4C2E-C95610EF345B}" = Catalyst Control Center Core Implementation "{7A36BFCB-D8A9-11D7-9E00-0004769EEFEB}" = Default "{7B80F2CF-3012-41B3-0083-D96E3B923A33}" = Fussball Manager 2003 "{7D489B30-1248-4F90-A99D-8D9169355B78}" = 3D-Globus DVD 2.0 "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8535028B-D4EE-B929-97A0-354013AE5D94}" = Catalyst Control Center Localization Korean "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9279B0F3-C831-7C50-9F07-73B1219322B6}" = Catalyst Control Center Localization Chinese Traditional "{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics "{94E89EFD-5841-17EA-4F69-37A5DA58A735}" = CCC Help Spanish "{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth "{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A983135-BB9F-6E62-F282-AD76BB9551FE}" = CCC Help English "{9AE73DF3-2349-A626-AE42-7959D7583E2B}" = Catalyst Control Center Graphics Full Existing "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 
6 "{A603BB91-F08F-025F-4158-E897DC29D037}" = Catalyst Control Center Localization French "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA27D595-32F0-97EB-BC94-1ED22E7444A8}" = CCC Help Portuguese "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AEBC4CA2-B05F-47E3-8680-B2CDB6E12006}" = WISO Sparbuch 2006 "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE "{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}" = ccc-core-static "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CCC67B82-CD80-9C07-4C4A-D5B9C7137399}" = CCC Help Italian "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{CEFD7155-9C9A-4D20-8DEC-3961BBBB0001}" = WISO Sparbuch 2005 "{D2B49278-3321-FFBA-0F7C-127878A9CB5D}" = CCC Help Dutch "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D3F3188E-EC4E-413B-BFEC-6A179ADB14FF}" = MSXML "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari "{D723FE60-F9EC-D688-0274-7BF2FF96E80A}" = Catalyst Control Center Graphics Full New "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual 
Basic for Applications (R) Core "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E1FA2D24-5633-83B3-3C72-FB3749DAF724}" = CCC Help Swedish "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update "{EE6AA8D9-B369-44A0-A938-C897026B6B7B}" = BDElster-Telemodul "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{F5E23357-CDCE-0246-677C-8097DAA6F8C5}" = CCC Help Korean "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}" = Catalyst Control Center Graphics Previews Vista "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "7-Zip" = 7-Zip 9.20 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "ANSTOSS 3_is1" = ANSTOSS 3 "ATI Uninstaller" = ATI Uninstaller "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766 "Digitale Bibliothek 4" = Digitale Bibliothek 4 "FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09 "Google Updater" = Google Updater "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Photo Creations" = HP Photo Creations "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "InstallShield_{7D489B30-1248-4F90-A99D-8D9169355B78}" = 
3D-Globus DVD 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Office8.0" = Microsoft Office 97, Professional Edition "Pingus" = Pingus "Pixum ePrint" = Pixum ePrint 1.2 "S2TNG" = Die Siedler II - Die nächste Generation "Shop for HP Supplies" = Shop for HP Supplies "Siedler3Deinstall" = Siedler3 "SMSERIAL" = Motorola SM56 Speakerphone Modem "softonic-de3 Toolbar" = softonic-de3 Toolbar "Windows Mobile Device Handbook" = Windows Mobile®-MDA Touch Handbuch ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.12.2009 19:32:38 | Computer Name = H*** | Source = EventSystem | ID = 4621 Description = Error - 31.12.2009 02:36:46 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.12.2009 02:36:46 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.12.2009 10:36:35 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.12.2009 10:36:35 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 31.12.2009 10:40:38 | Computer Name = H*** | Source = WerSvc | ID = 5007 Description = Error - 31.12.2009 11:16:51 | Computer Name = H*** | Source = Application Hang | ID = 1002 Description = Programm WINWORD.EXE, Version 8.0.0.4412 arbeitet nicht mehr mit Windows zusammen und wurde beendet. 
Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 324 Anfangszeit: 01ca8a2916573e6b Zeitpunkt der Beendigung: 32 Error - 01.01.2010 10:22:02 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.01.2010 10:22:02 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.01.2010 10:27:29 | Computer Name = H*** | Source = WerSvc | ID = 5007 Description = [ System Events ] Error - 16.11.2011 16:13:26 | Computer Name = H*** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 16.11.2011 16:13:35 | Computer Name = H*** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 16.11.2011 17:19:28 | Computer Name = H*** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 16.11.2011 17:38:46 | Computer Name = H*** | Source = DCOM | ID = 10010 Description = Error - 17.11.2011 19:13:24 | Computer Name = H*** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. 
Error - 17.11.2011 19:31:25 | Computer Name = H*** | Source = DCOM | ID = 10010 Description = Error - 17.11.2011 19:35:39 | Computer Name = H*** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 17.11.2011 19:44:32 | Computer Name = H*** | Source = DCOM | ID = 10010 Description = Error - 17.11.2011 19:49:08 | Computer Name = H*** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 17.11.2011 19:49:09 | Computer Name = H*** | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. < End of report > |
18.11.2011, 09:51 | #7 | |
/// Helper Team | TR/Crypt.XPACK.Gen2 1. You can uninstall: Quote:
In my opinion, it no longer offers sufficient protection against "modern types of malware"... 2. Fix with OTL
Code:
:OTL
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
[2011.11.18 00:48:13 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
:Commands
[purity]
[REBOOT]
► Report again on the state of the computer: are there still problems, and if so, which ones?
__________________ Warning!: Beware of invoices sent by email with a ZIP file attached! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice and in different locations! Please pass this warning on wherever you can! |
19.11.2011, 17:21 | #8 |
| TR/Crypt.XPACK.Gen2 I have uninstalled Spybot. However, I cannot find any txt file(s) after the OTL fix. Where is it supposed to be? (It should be in the same folder, or on the desktop, where the application is located, shouldn't it?) |
20.11.2011, 15:36 | #9 |
| TR/Crypt.XPACK.Gen2 Hello, here is an overview of the problems that are currently still occurring:
- The desktop background is black
- The Start menu at least shows the recently used programs again, the link to All Programs, as well as Recent Items (files) and Computer. Control Panel, Network, the My Documents folder etc. are not visible
- The icons in the taskbar (Firefox, Desktop) to the right of the Start menu are missing. |
21.11.2011, 12:14 | #10 |
/// Helper Team | TR/Crypt.XPACK.Gen2 You have to keep in mind that we may not be able to solve all the problems that have already been caused by the malware! Otherwise, this is how we continue: TDSSKiller from Kaspersky
|
21.11.2011, 20:39 | #11 |
| TR/Crypt.XPACK.Gen2 Okay, here is the report from TDSSKiller: Code:
ok 20:35:24.0312 2556 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 20:35:24.0312 2556 HTTP - ok 20:35:24.0327 2556 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 20:35:24.0327 2556 i2omp - ok 20:35:24.0390 2556 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 20:35:24.0390 2556 i8042prt - ok 20:35:24.0421 2556 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys 20:35:24.0436 2556 iaStor - ok 20:35:24.0483 2556 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 20:35:24.0499 2556 iaStorV - ok 20:35:24.0530 2556 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 20:35:24.0530 2556 iirsp - ok 20:35:24.0639 2556 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys 20:35:24.0655 2556 IntcAzAudAddService - ok 20:35:24.0686 2556 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 20:35:24.0686 2556 intelide - ok 20:35:24.0702 2556 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 20:35:24.0702 2556 intelppm - ok 20:35:24.0764 2556 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:35:24.0764 2556 IpFilterDriver - ok 20:35:24.0780 2556 IpInIp - ok 20:35:24.0811 2556 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 20:35:24.0811 2556 IPMIDRV - ok 20:35:24.0842 2556 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 20:35:24.0842 2556 IPNAT - ok 20:35:24.0873 2556 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 20:35:24.0873 2556 IRENUM - ok 20:35:24.0904 2556 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 20:35:24.0904 2556 isapnp - ok 20:35:24.0951 2556 iScsiPrt (232fa340531d940aac623b121a595034) 
C:\Windows\system32\DRIVERS\msiscsi.sys 20:35:24.0951 2556 iScsiPrt - ok 20:35:24.0967 2556 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 20:35:24.0967 2556 iteatapi - ok 20:35:24.0998 2556 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 20:35:24.0998 2556 iteraid - ok 20:35:25.0014 2556 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys 20:35:25.0014 2556 JRAID - ok 20:35:25.0060 2556 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 20:35:25.0060 2556 kbdclass - ok 20:35:25.0092 2556 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 20:35:25.0092 2556 kbdhid - ok 20:35:25.0138 2556 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 20:35:25.0154 2556 KSecDD - ok 20:35:25.0216 2556 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 20:35:25.0216 2556 lltdio - ok 20:35:25.0263 2556 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 20:35:25.0263 2556 LSI_FC - ok 20:35:25.0294 2556 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 20:35:25.0294 2556 LSI_SAS - ok 20:35:25.0310 2556 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 20:35:25.0326 2556 LSI_SCSI - ok 20:35:25.0357 2556 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 20:35:25.0357 2556 luafv - ok 20:35:25.0388 2556 MBAMSwissArmy - ok 20:35:25.0419 2556 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 20:35:25.0419 2556 megasas - ok 20:35:25.0466 2556 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 20:35:25.0466 2556 Modem - ok 20:35:25.0513 2556 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys 20:35:25.0513 2556 MODEMCSA - ok 20:35:25.0560 2556 monitor 
(0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 20:35:25.0560 2556 monitor - ok 20:35:25.0653 2556 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 20:35:25.0669 2556 mouclass - ok 20:35:25.0762 2556 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 20:35:25.0778 2556 mouhid - ok 20:35:25.0809 2556 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 20:35:25.0825 2556 MountMgr - ok 20:35:25.0856 2556 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 20:35:25.0872 2556 mpio - ok 20:35:25.0903 2556 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 20:35:25.0903 2556 mpsdrv - ok 20:35:25.0918 2556 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 20:35:25.0918 2556 Mraid35x - ok 20:35:25.0965 2556 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 20:35:25.0965 2556 MRxDAV - ok 20:35:26.0012 2556 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:35:26.0028 2556 mrxsmb - ok 20:35:26.0074 2556 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:35:26.0090 2556 mrxsmb10 - ok 20:35:26.0106 2556 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:35:26.0106 2556 mrxsmb20 - ok 20:35:26.0137 2556 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 20:35:26.0137 2556 msahci - ok 20:35:26.0168 2556 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 20:35:26.0184 2556 msdsm - ok 20:35:26.0246 2556 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 20:35:26.0246 2556 Msfs - ok 20:35:26.0293 2556 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 20:35:26.0293 2556 msisadrv - ok 20:35:26.0324 2556 MSKSSRV 
(d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 20:35:26.0324 2556 MSKSSRV - ok 20:35:26.0371 2556 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 20:35:26.0371 2556 MSPCLOCK - ok 20:35:26.0386 2556 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 20:35:26.0386 2556 MSPQM - ok 20:35:26.0433 2556 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 20:35:26.0449 2556 MsRPC - ok 20:35:26.0480 2556 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 20:35:26.0480 2556 mssmbios - ok 20:35:26.0496 2556 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 20:35:26.0496 2556 MSTEE - ok 20:35:26.0527 2556 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 20:35:26.0527 2556 Mup - ok 20:35:26.0574 2556 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 20:35:26.0589 2556 NativeWifiP - ok 20:35:26.0636 2556 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 20:35:26.0652 2556 NDIS - ok 20:35:26.0698 2556 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 20:35:26.0698 2556 NdisTapi - ok 20:35:26.0730 2556 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 20:35:26.0730 2556 Ndisuio - ok 20:35:26.0745 2556 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 20:35:26.0745 2556 NdisWan - ok 20:35:26.0761 2556 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 20:35:26.0776 2556 NDProxy - ok 20:35:26.0808 2556 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 20:35:26.0808 2556 NetBIOS - ok 20:35:26.0854 2556 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 20:35:26.0854 2556 netbt - ok 20:35:26.0917 2556 nfrd960 
(2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 20:35:26.0917 2556 nfrd960 - ok 20:35:26.0964 2556 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 20:35:26.0964 2556 Npfs - ok 20:35:26.0995 2556 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 20:35:26.0995 2556 nsiproxy - ok 20:35:27.0057 2556 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 20:35:27.0088 2556 Ntfs - ok 20:35:27.0120 2556 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 20:35:27.0120 2556 ntrigdigi - ok 20:35:27.0135 2556 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 20:35:27.0135 2556 Null - ok 20:35:27.0151 2556 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 20:35:27.0151 2556 nvraid - ok 20:35:27.0198 2556 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys 20:35:27.0198 2556 nvrd32 - ok 20:35:27.0229 2556 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 20:35:27.0229 2556 nvstor - ok 20:35:27.0244 2556 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys 20:35:27.0260 2556 nvstor32 - ok 20:35:27.0291 2556 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 20:35:27.0291 2556 nv_agp - ok 20:35:27.0307 2556 NwlnkFlt - ok 20:35:27.0322 2556 NwlnkFwd - ok 20:35:27.0385 2556 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 20:35:27.0385 2556 ohci1394 - ok 20:35:27.0478 2556 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 20:35:27.0478 2556 Parport - ok 20:35:27.0541 2556 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 20:35:27.0541 2556 partmgr - ok 20:35:27.0572 2556 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 
20:35:27.0572 2556 Parvdm - ok 20:35:27.0603 2556 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 20:35:27.0619 2556 pci - ok 20:35:27.0666 2556 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 20:35:27.0666 2556 pciide - ok 20:35:27.0712 2556 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 20:35:27.0712 2556 pcmcia - ok 20:35:27.0759 2556 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 20:35:27.0790 2556 PEAUTH - ok 20:35:27.0884 2556 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 20:35:27.0884 2556 PptpMiniport - ok 20:35:27.0915 2556 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 20:35:27.0915 2556 Processor - ok 20:35:27.0978 2556 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 20:35:27.0978 2556 PSched - ok 20:35:28.0056 2556 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 20:35:28.0087 2556 ql2300 - ok 20:35:28.0118 2556 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 20:35:28.0118 2556 ql40xx - ok 20:35:28.0165 2556 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 20:35:28.0165 2556 QWAVEdrv - ok 20:35:28.0274 2556 R300 (252826c4bc88b01e945c2d3c6603f3b0) C:\Windows\system32\DRIVERS\atikmdag.sys 20:35:28.0336 2556 R300 - ok 20:35:28.0383 2556 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 20:35:28.0383 2556 RasAcd - ok 20:35:28.0430 2556 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:35:28.0446 2556 Rasl2tp - ok 20:35:28.0492 2556 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 20:35:28.0492 2556 RasPppoe - ok 20:35:28.0539 2556 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 
20:35:28.0539 2556 RasSstp - ok 20:35:28.0602 2556 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 20:35:28.0602 2556 rdbss - ok 20:35:28.0633 2556 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:35:28.0633 2556 RDPCDD - ok 20:35:28.0695 2556 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 20:35:28.0695 2556 rdpdr - ok 20:35:28.0711 2556 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 20:35:28.0711 2556 RDPENCDD - ok 20:35:28.0758 2556 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 20:35:28.0758 2556 RDPWD - ok 20:35:28.0820 2556 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys 20:35:28.0820 2556 RMCAST - ok 20:35:28.0867 2556 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 20:35:28.0882 2556 rspndr - ok 20:35:28.0929 2556 RTL8169 (4755c86fd7dc189faa0e6d111c417de1) C:\Windows\system32\DRIVERS\Rtlh86.sys 20:35:28.0945 2556 RTL8169 - ok 20:35:28.0992 2556 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 20:35:28.0992 2556 sbp2port - ok 20:35:29.0038 2556 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 20:35:29.0038 2556 secdrv - ok 20:35:29.0085 2556 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 20:35:29.0085 2556 Serenum - ok 20:35:29.0116 2556 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 20:35:29.0116 2556 Serial - ok 20:35:29.0163 2556 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 20:35:29.0163 2556 sermouse - ok 20:35:29.0210 2556 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 20:35:29.0210 2556 sffdisk - ok 20:35:29.0241 2556 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 
20:35:29.0241 2556 sffp_mmc - ok 20:35:29.0257 2556 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 20:35:29.0257 2556 sffp_sd - ok 20:35:29.0288 2556 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 20:35:29.0288 2556 sfloppy - ok 20:35:29.0319 2556 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 20:35:29.0335 2556 sisagp - ok 20:35:29.0350 2556 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 20:35:29.0350 2556 SiSRaid2 - ok 20:35:29.0382 2556 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 20:35:29.0382 2556 SiSRaid4 - ok 20:35:29.0428 2556 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 20:35:29.0428 2556 Smb - ok 20:35:29.0506 2556 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys 20:35:29.0538 2556 smserial - ok 20:35:29.0616 2556 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 20:35:29.0616 2556 spldr - ok 20:35:29.0678 2556 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 20:35:29.0678 2556 srv - ok 20:35:29.0756 2556 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 20:35:29.0756 2556 srv2 - ok 20:35:29.0787 2556 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 20:35:29.0803 2556 srvnet - ok 20:35:29.0850 2556 SSHDRV85 (f0be373861a3f34cfab55c1b7ce1feb5) C:\Windows\system32\drivers\SSHDRV85.sys 20:35:29.0850 2556 SSHDRV85 - ok 20:35:29.0896 2556 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 20:35:29.0896 2556 ssmdrv - ok 20:35:29.0959 2556 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 20:35:29.0959 2556 swenum - ok 20:35:30.0006 2556 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 20:35:30.0006 2556 Symc8xx 
- ok 20:35:30.0021 2556 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 20:35:30.0021 2556 Sym_hi - ok 20:35:30.0052 2556 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 20:35:30.0052 2556 Sym_u3 - ok 20:35:30.0130 2556 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 20:35:30.0162 2556 Tcpip - ok 20:35:30.0208 2556 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 20:35:30.0208 2556 Tcpip6 - ok 20:35:30.0240 2556 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 20:35:30.0240 2556 tcpipreg - ok 20:35:30.0286 2556 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 20:35:30.0286 2556 TDPIPE - ok 20:35:30.0318 2556 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 20:35:30.0318 2556 TDTCP - ok 20:35:30.0349 2556 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 20:35:30.0349 2556 tdx - ok 20:35:30.0396 2556 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 20:35:30.0396 2556 TermDD - ok 20:35:30.0489 2556 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:35:30.0489 2556 tssecsrv - ok 20:35:30.0536 2556 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 20:35:30.0536 2556 tunmp - ok 20:35:30.0567 2556 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 20:35:30.0567 2556 tunnel - ok 20:35:30.0614 2556 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 20:35:30.0614 2556 uagp35 - ok 20:35:30.0676 2556 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 20:35:30.0676 2556 udfs - ok 20:35:30.0723 2556 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 20:35:30.0723 2556 uliagpkx - ok 20:35:30.0770 2556 uliahci 
(3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 20:35:30.0786 2556 uliahci - ok 20:35:30.0817 2556 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 20:35:30.0817 2556 UlSata - ok 20:35:30.0848 2556 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 20:35:30.0848 2556 ulsata2 - ok 20:35:30.0895 2556 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 20:35:30.0895 2556 umbus - ok 20:35:30.0942 2556 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 20:35:30.0942 2556 USBAAPL - ok 20:35:30.0973 2556 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 20:35:30.0973 2556 usbccgp - ok 20:35:31.0004 2556 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 20:35:31.0004 2556 usbcir - ok 20:35:31.0051 2556 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 20:35:31.0051 2556 usbehci - ok 20:35:31.0082 2556 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 20:35:31.0082 2556 usbhub - ok 20:35:31.0129 2556 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 20:35:31.0129 2556 usbohci - ok 20:35:31.0176 2556 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 20:35:31.0176 2556 usbprint - ok 20:35:31.0207 2556 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 20:35:31.0222 2556 usbscan - ok 20:35:31.0254 2556 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:35:31.0254 2556 USBSTOR - ok 20:35:31.0300 2556 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 20:35:31.0300 2556 usbuhci - ok 20:35:31.0347 2556 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys 20:35:31.0347 2556 usb_rndisx - ok 20:35:31.0378 2556 
vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 20:35:31.0378 2556 vga - ok 20:35:31.0425 2556 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 20:35:31.0425 2556 VgaSave - ok 20:35:31.0441 2556 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 20:35:31.0456 2556 viaagp - ok 20:35:31.0472 2556 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 20:35:31.0472 2556 ViaC7 - ok 20:35:31.0503 2556 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 20:35:31.0503 2556 viaide - ok 20:35:31.0534 2556 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys 20:35:31.0550 2556 viamraid - ok 20:35:31.0597 2556 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 20:35:31.0612 2556 volmgr - ok 20:35:31.0659 2556 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 20:35:31.0659 2556 volmgrx - ok 20:35:31.0706 2556 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 20:35:31.0706 2556 volsnap - ok 20:35:31.0737 2556 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 20:35:31.0737 2556 vsmraid - ok 20:35:31.0784 2556 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 20:35:31.0784 2556 WacomPen - ok 20:35:31.0815 2556 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 20:35:31.0815 2556 Wanarp - ok 20:35:31.0831 2556 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 20:35:31.0831 2556 Wanarpv6 - ok 20:35:31.0878 2556 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 20:35:31.0878 2556 Wd - ok 20:35:31.0924 2556 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 20:35:31.0940 2556 Wdf01000 - ok 20:35:32.0018 2556 WmiAcpi 
(701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 20:35:32.0018 2556 WmiAcpi - ok 20:35:32.0080 2556 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 20:35:32.0096 2556 WpdUsb - ok 20:35:32.0143 2556 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 20:35:32.0143 2556 ws2ifsl - ok 20:35:32.0205 2556 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:35:32.0205 2556 WUDFRd - ok 20:35:32.0268 2556 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 20:35:32.0283 2556 \Device\Harddisk0\DR0 - ok 20:35:32.0283 2556 Boot (0x1200) (865c862497b6d1c51b60117ae6a4a19b) \Device\Harddisk0\DR0\Partition0 20:35:32.0283 2556 \Device\Harddisk0\DR0\Partition0 - ok 20:35:32.0314 2556 Boot (0x1200) (7b3624c56f94431cb5f2e9d1b977eb4d) \Device\Harddisk0\DR0\Partition1 20:35:32.0314 2556 \Device\Harddisk0\DR0\Partition1 - ok 20:35:32.0314 2556 ============================================================ 20:35:32.0314 2556 Scan finished 20:35:32.0314 2556 ============================================================ 20:35:32.0330 2272 Detected object count: 0 20:35:32.0330 2272 Actual detected object count: 0 |
22.11.2011, 08:58 | #12 | ||
/// Helper Team | TR/Crypt.XPACK.Gen2 You can also try the following:
1. If you think you know a point in time when your system was still working properly, System Restore is worth a try: - It is a "relatively simple way" when the infection is fresh, and sometimes certain problems can be solved this way too, so it should be tried right away. It lets you undo system changes to the computer without affecting personal files such as e-mails, documents or photos. Quote:
(You can still undo it back to the present state if it does not deliver the desired result)
2. Quote:
Step 7 is still missing: -> http://www.trojaner-board.de/105104-...tml#post720933
__________________ Warning: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! Edited by kira (22.11.2011 at 09:07) |
23.11.2011, 20:49 | #13 |
| TR/Crypt.XPACK.Gen2 I tried System Restore, but without success (a message saying that System Restore is not possible). I also tried the 2nd option (Last Known Good Configuration) - no change / improvement to be seen here either... And now the result for #7: Code:
ATTFilter
3D-Globus DVD 2.0 NATIONAL GEOGRAPHIC 23.05.2009 1.00.0000
7-Zip 9.20 14.11.2011 3,54MB
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 15.02.2008 14,0MB
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 21.03.2011 10.2.153.1
Adobe Reader 8.1.3 - Deutsch Adobe Systems Incorporated 31.12.2008 99,7MB 8.1.3
Adobe SVG Viewer 3.0 19.12.2010 4,78MB 3.0
ANSTOSS 3 15.05.2008 638MB
Apple Application Support Apple Inc. 13.05.2011 51,0MB 1.5.1
Apple Mobile Device Support Apple Inc. 13.05.2011 21,8MB 3.4.0.25
Apple Software Update Apple Inc. 13.05.2011 2,26MB 2.1.2.120
ATI Catalyst Install Manager ATI Technologies, Inc. 13.03.2008 13,8MB 3.0.641.0
ATI Uninstaller ATI Technologies, Inc. 15.02.2008 13,9MB
Audacity 1.2.6 22.10.2010 8,43MB
Avira Free Antivirus Avira 27.10.2011 153,2MB 12.0.0.861
BDElster-Telemodul 25.02.2010 0,81MB
Bonjour Apple Inc. 13.05.2011 1,10MB 2.0.5.0
Buhl finance - tax 2004 Standard Buhl Data Service GmbH 26.02.2010 1,09MB 5.00
Bullzip PDF Printer 6.0.0.766 Bullzip 30.04.2009 13,8MB
CCleaner Piriform 22.11.2011 4,13MB 3.12
Compatibility Pack für 2007 Office System Microsoft Corporation 19.09.2011 111,0MB 12.0.6514.5001
CorelDRAW(R) Graphics Suite X4 Corel Corporation 31.12.2008 818MB
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension Corel Corporation 31.12.2008 1,81MB
Default Ihr Firmenname 15.05.2008 1,91MB 1.00.0000
Die Siedler II - Die nächste Generation 06.03.2010 512MB
Digitale Bibliothek 4 28.02.2009 7,55MB
FirstSteps Diagnostics Fujitsu Siemens Computers 30.10.2007 4,67MB 1.00
FUSSBALL MANAGER 09 Electronic Arts 14.10.2010 3.842MB
Fussball Manager 2003 18.12.2008 801MB
Garmin Training Center Garmin Ltd or its subsidiaries 17.09.2010 58,3MB 3.5.3
Garmin USB Drivers Garmin Ltd or its subsidiaries 17.09.2010 0,12MB 2.3.0.0
Google Earth Google 27.06.2008 25,3MB 4.3.7204.836
Google Toolbar for Internet Explorer Google Inc. 06.11.2011 10,7MB 7.2.2304.102
Google Updater Google Inc. 02.10.2011 3,99MB 2.4.2432.1652
GPL Ghostscript Lite 8.63 30.04.2009 11,4MB
HP Customer Participation Program 14.0 HP 14.05.2010 211MB 14.0
HP Imaging Device Functions 14.0 HP 14.05.2010 2,45MB 14.0
HP Photo Creations HP Photo Creations Powered by RocketLife 23.05.2010 30,1MB 1.0.0.2261
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 HP 14.05.2010 28,1MB 14.0
HP Smart Web Printing 4.60 HP 14.05.2010 25,4MB 4.60
HP Solution Center 14.0 HP 14.05.2010 2,54MB 14.0
HP Update Hewlett-Packard 14.05.2010 2,97MB 5.002.002.002
iTunes Apple Inc. 13.05.2011 143,9MB 10.2.2.14
Java(TM) 6 Update 21 Sun Microsystems, Inc. 31.07.2010 293MB 6.0.210
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 16.11.2011 6,76MB 1.51.2.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 23.08.2009 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 22.08.2009 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.08.2010 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.08.2010 24,5MB 4.0.30319
Microsoft Office 97, Professional Edition 21.02.2008 960MB
Microsoft Office Home and Student 2010 Microsoft Corporation 08.10.2011 960MB 14.0.6029.1000
Microsoft Silverlight Microsoft Corporation 18.10.2011 202MB 4.0.60831.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 28.07.2009 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 25.06.2011 0,29MB 8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 27.06.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30.01.2010 0,58MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 25.06.2011 0,58MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 20.10.2011 16,5MB 10.0.40219
Microsoft Works Microsoft Corporation 12.12.2009 3,40MB 08.05.0822
Motorola SM56 Speakerphone Modem Motorola Inc 12.08.2010 2,71MB 6.12.25.06
Mozilla Firefox 7.0.1 (x86 de) Mozilla 15.10.2011 32,8MB 7.0.1
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 30.10.2007 1,27MB 4.20.9849.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 14.11.2008 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 24.11.2009 1,34MB 4.20.9876.0
Nero 7 Essentials Nero AG 30.10.2007 377MB 7.02.5851
OpenOffice.org 3.2 OpenOffice.org 31.07.2010 379MB 3.2.9502
Paint.NET v3.36 dotPDN LLC 26.12.2008 3,97MB 3.36.0
Pingus 11.07.2008 0.7.2
Pixum ePrint 1.2 Diginet GmbH & Co. KG 08.08.2010 8,54MB 1.2.5105.10000
QuickTime Apple Inc. 13.05.2011 72,8MB 7.69.80.9
Realtek High Definition Audio Driver 30.10.2007
Safari Apple Inc. 17.11.2009 37,1MB 5.31.21.10
Shop for HP Supplies HP 14.05.2010 211MB 14.0
Siedler3 04.03.2010 233MB
softonic-de3 Toolbar softonic-de3 03.06.2011 10,3MB
Spelling Dictionaries Support For Adobe Reader 8 Adobe Systems 31.12.2008 32,5MB 8.0.0
t@x 2009 Standard Buhl Data Service GmbH 31.12.2009 526MB 16.00.6228
t@x 2010 Standard Buhl Data Service GmbH 30.01.2010 688MB 17.00.6531
t@x 2011 Buhl Data Service GmbH 03.06.2011 659MB 18.00.6928
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Garmin 17.09.2010 06/03/2009 2.3.0.0
Windows Live Anmelde-Assistent Microsoft Corporation 05.03.2009 1,93MB 5.000.818.6
Windows Live Messenger Microsoft Corporation 12.03.2008 30,0MB 8.5.1302.1018
Windows Mobile Device Center Driver Update Microsoft Corporation 31.01.2009 42,4MB 6.1.6965.0
Windows Mobile®-MDA Touch Handbuch Microsoft Corporation 31.01.2009 25,8MB 1.0
WISO Sparbuch 2005 Buhl Data Service GmbH 20.03.2010 104,3MB 12.00.0000
WISO Sparbuch 2006 Buhl Data Service GmbH 21.03.2010 1.132MB 13.00.0000
Or does that not make sense? Is there any other way to find out what state my system is in...? Edited by Zyx124 (23.11.2011 at 21:05) |
24.11.2011, 06:37 | #14 |
/// Helper Team | TR/Crypt.XPACK.Gen2 Not in safe mode either?
__________________ Warning!: Beware of invoices sent by email with a ZIP file attached! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
27.11.2011, 15:13 | #15 |
| TR/Crypt.XPACK.Gen2 I ran System Restore in safe mode, and it worked. Desktop / Start menu / taskbar etc. are back as before. However, the Avira AntiVir real-time scanner reports that it is not active, and I apparently cannot activate it. Here is today's report: Code:
ATTFilter
27.11.2011,13:56:10 [INFO] ---------------------------------------------------------
27.11.2011,13:56:10 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
27.11.2011,13:56:37 [INFO] Echtzeit Scanner Version: 12.01.00.18, Engine Version 8.2.6.116, VDF Version: 7.11.18.23
27.11.2011,13:56:37 [INFO] Online-Dienste stehen zur Verfügung.
27.11.2011,13:56:37 [INFO] Echtzeit Scanner wurde aktiviert
27.11.2011,13:56:37 [INFO] Verwendete Konfiguration der Echtzeitsuche:
    - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
    - Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL* .XML .XXX .ZIP
    - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
    - Aktion: Benutzer fragen
    - Archive durchsuchen: Deaktiviert
    - Makrovirenheuristik: Aktiviert
    - Win32 Dateiheuristik: Erkennungsstufe mittel
    - Protokollierungsstufe: Standard
27.11.2011,13:57:44 [INFO] Update-Auftrag gestartet!
27.11.2011,13:58:51 [INFO] Aktuelle Engine Version: 8.2.6.120
27.11.2011,13:58:51 [INFO] Aktuelle Version der VDF-Datei: 7.11.18.78
27.11.2011,14:01:31 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
27.11.2011,14:03:24 [INFO] ---------------------------------------------------------
27.11.2011,14:03:24 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
27.11.2011,14:03:41 [INFO] Echtzeit Scanner Version: 12.01.00.18, Engine Version 8.2.6.120, VDF Version: 7.11.18.78
27.11.2011,14:03:42 [INFO] Online-Dienste stehen zur Verfügung.
27.11.2011,14:03:42 [INFO] Echtzeit Scanner wurde aktiviert
27.11.2011,14:03:42 [INFO] Verwendete Konfiguration der Echtzeitsuche:
    - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
    - Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL* .XML .XXX .ZIP
    - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
    - Aktion: Benutzer fragen
    - Archive durchsuchen: Deaktiviert
    - Makrovirenheuristik: Aktiviert
    - Win32 Dateiheuristik: Erkennungsstufe mittel
    - Protokollierungsstufe: Standard
27.11.2011,14:03:44 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
27.11.2011,14:23:38 [INFO] ---------------------------------------------------------
27.11.2011,14:23:38 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
[WARNUNG] Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden. Die Engine und VDF werden stattdessen von der Backup Kopie geladen.
27.11.2011,14:23:38 [FEHLER] Unbekannte Fehlernummer bei der Initialisierung der Engine.
27.11.2011,14:42:19 [INFO] ---------------------------------------------------------
27.11.2011,14:42:19 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
[WARNUNG] Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden. Die Engine und VDF werden stattdessen von der Backup Kopie geladen.
27.11.2011,14:42:22 [FEHLER] Unbekannte Fehlernummer bei der Initialisierung der Engine.
27.11.2011,15:05:43 [INFO] ---------------------------------------------------------
27.11.2011,15:05:44 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
[WARNUNG] Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden. Die Engine und VDF werden stattdessen von der Backup Kopie geladen.
27.11.2011,15:05:47 [FEHLER] Unbekannte Fehlernummer bei der Initialisierung der Engine. |
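One way to triage a report like the one in post #15, as an added example that is not part of the original thread: the Python code below splits an Avira log into service sessions and lists those in which the service started but the real-time scanner never reported activation. The function names are hypothetical, and the embedded sample is an abridged excerpt in the format of the report above.

```python
import re

# Abridged excerpt in the format of the report above (assumption: one entry per line).
SAMPLE_LOG = """\
27.11.2011,13:56:10 [INFO] ---------------------------------------------------------
27.11.2011,13:56:10 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
27.11.2011,13:56:37 [INFO] Echtzeit Scanner wurde aktiviert
27.11.2011,14:01:31 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
27.11.2011,14:23:38 [INFO] ---------------------------------------------------------
27.11.2011,14:23:38 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
[WARNUNG] Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden.
27.11.2011,14:23:38 [FEHLER] Unbekannte Fehlernummer bei der Initialisierung der Engine.
"""

# The timestamp is optional: the [WARNUNG] entries in the report carry none.
ENTRY = re.compile(
    r"^(?:(\d{2}\.\d{2}\.\d{4},\d{2}:\d{2}:\d{2}) )?\[(INFO|WARNUNG|FEHLER)\]\s*(.*)$"
)

def _new_session(start):
    return {"start": start, "guard_active": False, "problems": []}

def parse_sessions(text):
    """Split the log into service sessions; a dashed [INFO] line opens each one."""
    sessions = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # configuration bullets and blank lines carry no state
        ts, level, msg = m.groups()
        if level == "INFO" and msg and set(msg) == {"-"}:
            sessions.append(_new_session(ts))
            continue
        if not sessions:  # excerpt began in the middle of a session
            sessions.append(_new_session(ts))
        cur = sessions[-1]
        if "Echtzeit Scanner wurde aktiviert" in msg:
            cur["guard_active"] = True
        if level in ("WARNUNG", "FEHLER"):
            cur["problems"].append((level, msg))
    return sessions

def unprotected_sessions(text):
    """Sessions in which the real-time scanner never reported activation."""
    return [s for s in parse_sessions(text) if not s["guard_active"]]

if __name__ == "__main__":
    for s in unprotected_sessions(SAMPLE_LOG):
        print(s["start"], "real-time scanner never activated:", s["problems"])
```

Run against the full report, this separates the two earlier sessions, where the scanner activated, from the three later ones that ended in an engine initialization error.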