Trojaner-Board


Zyx124 15.11.2011 01:21

TR/Crypt.XPACK.Gen2
 
Hello,

I have the following problem:
my computer appears to be infected with the Trojan named above.
In any case, the AntiVir real-time scanner reports it, but cannot remove it.
In addition, the desktop background is black (instead of the previous Windows background), and My Documents and all the "quick access functions" (which can be seen at Windows Start) have disappeared. Only "All Programs" still appears to be accessible.

I scanned the computer with AntiVir and S&D.

After reading up on this Trojan on the web, I came across this board. Having learned a few things about the Trojan and the general (scan) procedure, here are the results of the OTL scan.

The results are attached.

I hope you can look into my problem and thereby help me clean my computer.

Btw - this Trojan appears to be aimed in particular at spying out passwords (online banking, among others).
So, can problems / risks arise in the future, even after an apparent cleanup?

Many thanks in advance.
Regards

kira 15.11.2011 07:06

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the fault checking and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Identifying characteristics/profile information:
    - in the log lists or log files you use, you can delete details such as your real name, serial numbers in programs, etc., or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
► First part of the 3-part procedure: we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Quote:

If the following symptoms occur:
folders are empty, programs are missing from the Start menu, etc., this tool offers you the solution:

  • Download Unhide.exe (http://filepony.de/download-unhide/) (by Grinler) and save it to your desktop
    for Windows 7 and Vista, right-click and run as administrator
  • Double-click the Unhide.exe icon on the desktop - everything takes its time, so be a little patient
<Attention!>: If there were files etc. that you had hidden on purpose, i.e. that you had set to hidden under Properties, you must hide them again after the tool has been run.

Quote:

Is everything visible again? Please check and report the state to me exactly!
2.
Windows Defender:
Running it actively in parallel with Avira is not recommended, because the two can get in each other's way. Please deactivate it like this: -> http://windows.microsoft.com/de-AT/w...nder-on-or-off
Completely deactivating Windows Defender

Start => Control Panel => Classic View => Windows Defender or
start Windows Defender (C:\Programme\Windows Defender\MSASCui.exe)

Tools => Options => Automatic scanning => remove the check mark at "Automatically scan computer".
Tools => Options => Real-time protection => remove the check mark at "Enable real-time protection".
Tools => Options => Administrator => remove the check mark at "Use this program".

Start => type services.msc into the search box.
The Services window opens
Double-click the "Windows Defender" service
Change the startup type to "Manual".
Stop the service if it is still running.

3.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Perform full scan" (set check marks everywhere)
  • when the scan has finished, click "Show Results"
  • Select all detections - if MBAM reports something in C:\System Volume Information, please remove the check mark there - and click "Delete" ("Remove Selected").
  • Post the result here in the thread - you can find the report under "Scan reports"
you can find illustrated instructions here: Instructions

4.
if it was installed without your permission and you do not need it, you can uninstall:
Code:

softonic-de3 Toolbar
- Some extensions just want to make themselves look important ;)

5.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and select "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4 - HKCU..\Run: []  File not found
[2011.11.14 22:35:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.14 22:30:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.14 21:59:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:Commands
[purity]
[REBOOT]


6.
run another system scan with OTL
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and select "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

7.
I would also like to see all of your installed programs:
Download the tool CCleaner
Download
install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → Language → select German
then click "Extras" (to display the installed programs as well) → then "Save as text file..."
a text file (*.txt) is created; copy its contents and paste them here

8.
Please right-click the AntiVir umbrella in the taskbar → Start AntiVir → Overview → Events
select every detection → right-click the detections → Export event(s)
and save it as Ereignisse.txt on the desktop and post the contents here.

Quote:

So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log (i.e. at the beginning of the log file you want to post) write [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]

regards
kira
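
Added example, not part of kira's post and not OTL's own code: a small Python parser for the OTL line shapes quoted in this thread (`O2 - BHO`, `O3 - ...Toolbar`, `IE - ...URLSearchHook`, `SRV`) that groups entries by CLSID, compared case-insensitively, so one component can be followed across every registry location that references it. The field names, the `dangling`/`resolved` labels and the regular expressions are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample lines copied from the OTL output quoted in this thread
# (the step 5 fix script and the "Run 2" log); not a complete log.
SAMPLE = r"""
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
SRV - (CLTNetCnService) --  File not found
"""

# "TAG - rest", e.g. "O2 - BHO: (...) - {...} - ..."
LINE = re.compile(r"^(?P<tag>[A-Z0-9]{2,3}) - (?P<rest>.+)$")
CLSID = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# Trailing "C:\path\file.dll (Vendor)"; the vendor may be empty, "()".
TARGET = re.compile(r"(?P<path>[A-Za-z]:\\.+?)\s*\((?P<vendor>[^()]*)\)\s*$")
# Status strings printed when the referenced class or file is missing.
MISSING = re.compile(r"No CLSID value found|File not found")


@dataclass
class Entry:
    tag: str                 # OTL section tag: O2, O3, IE, SRV, ...
    location: str            # text before the first ": ", e.g. HKLM\..\Toolbar
    clsid: Optional[str]     # lower-cased, without braces
    path: Optional[str]      # file the entry points at, if any
    vendor: Optional[str]    # company name in trailing parentheses
    dangling: bool           # True when OTL reported a missing class/file


def parse_line(line: str) -> Optional[Entry]:
    m = LINE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    head, sep, _ = rest.partition(": ")
    # SRV/DRV lines start with "(name)" and have no location prefix.
    location = head if sep and "(" not in head else ""
    clsid = CLSID.search(rest)
    target = TARGET.search(rest)
    return Entry(
        tag=m["tag"],
        location=location,
        clsid=clsid.group(1).lower() if clsid else None,
        path=target["path"] if target else None,
        vendor=target["vendor"].strip() if target else None,
        dangling=bool(MISSING.search(rest)),
    )


def parse_log(text: str):
    return [e for e in map(parse_line, text.splitlines()) if e]


def correlate(entries):
    """Group entries by CLSID; the logs mix upper- and lower-case GUIDs."""
    groups = defaultdict(lambda: {"locations": [], "paths": set(),
                                  "vendors": set(), "dangling": 0, "resolved": 0})
    for e in entries:
        if e.clsid is None:
            continue
        g = groups[e.clsid]
        g["locations"].append(e.location)
        if e.dangling:
            g["dangling"] += 1
        else:
            g["resolved"] += 1
            g["paths"].add(e.path)
            g["vendors"].add(e.vendor)
    return dict(groups)


def review_notes(groups):
    """Label each CLSID: dangling-only, resolved, or mixed (both kinds)."""
    notes = []
    for clsid, g in sorted(groups.items()):
        if g["dangling"] and g["resolved"]:
            status = "mixed"
        elif g["dangling"]:
            status = "dangling-only"
        else:
            status = "resolved"
        notes.append((clsid, status))
    return notes


if __name__ == "__main__":
    grouped = correlate(parse_log(SAMPLE))
    for clsid, status in review_notes(grouped):
        print(clsid, status, grouped[clsid]["locations"])
```

A CLSID labelled `mixed` is referenced from several places with different outcomes, which is the case a reviewer wants to see before and after a fix run so that no location is left behind.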

Zyx124 16.11.2011 21:39

Hello,

I followed step 1), downloaded Unhide.exe and ran it.
The 2nd time, I temporarily disabled AntiVir in line with the notice from Unhide.exe.

The recently used programs that were invisible in the Start menu have become visible again, as have the desktop icons, although I am not sure whether really all of them are visible again. At the moment I cannot say which one(s) is/are missing, but overall fewer seem to me to be visible than before the infection.

Furthermore, the right-hand column of the Start menu (My Documents folder, Control Panel, Network, etc.) is not visible.
In this column only "recently used" is visible, but it is empty.

I can view and open My Documents again via the desktop and the respective paths.

My desktop background is still black.

Should I continue with step 2)?
I am asking because not everything is visible / back to its previous state yet.

Thanks & regards

kira 17.11.2011 13:24

yes, please continue; there is nothing more we can do at the moment. Whether all kinds of damage can be repaired remains to be seen...

Zyx124 18.11.2011 00:24

So, continuing...
I followed step 2 / deactivating Windows Defender.

Here is the result from Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8184

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

18.11.2011 00:08:24
mbam-log-2011-11-18 (00-08-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 391022
Laufzeit: 2 Stunde(n), 35 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\D***\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44\141b5f6c-29fd69ce (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.


Zyx124 18.11.2011 01:17

I applied step 5 / fixing with OTL,
but could not find a .txt file after the restart.

Where should it be?
(Probably in the folder where the OTL application is located, right? - Unfortunately I cannot find it there.)

With step 6 / system scan with OTL, however, I was more successful.
Here are the results:

OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 18.11.2011 00:56:17 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\D***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,91% Memory free
3,98 Gb Paging File | 2,95 Gb Available in Paging File | 74,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,29 Gb Total Space | 63,70 Gb Free Space | 43,25% Space Free | Partition Type: NTFS
Drive D: | 73,64 Gb Total Space | 72,15 Gb Free Space | 97,97% Space Free | Partition Type: NTFS
 
Computer Name: H*** | User Name: D*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\D***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34534__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34592__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2589.34821__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.34808__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34570__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34591__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.34693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.34761__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.34851__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2589.34776__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.2589.34843__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2589.34857__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2589.34781__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2589.34549__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2589.34773__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2589.34842__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2589.34815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2589.34707__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2589.34606__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2589.34557__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2589.34795__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2589.34599__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2589.34728__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2589.34703__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2589.34727__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2589.34612__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2589.34698__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2589.34748__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2589.34613__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2589.34694__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2589.34702__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2589.34747__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2560.25973__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2560.25999__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2560.25998__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2589.34827_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.34878__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.34834__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.34833__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34565__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2589.34827__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34533__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2560.25981__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2589.34543__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34533__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.34834__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2589.34532__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ACEDRV05) -- C:\Windows\System32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (SSHDRV85) -- C:\Windows\System32\drivers\SSHDRV85.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.15 20:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.16 14:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.16 14:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D***\AppData\Roaming\mozilla\Extensions
[2011.10.16 14:29:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.09.06 08:16:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.29 08:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} hxxp://www.pixum.de/apps/EasyUploadX.cab (Pixum EasyUploadX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E8D4F1F-A046-4298-B111-550053B2421C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EF3BF4C-F6B3-438F-8402-7DAD0C622F39}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.18 00:30:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.17 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\D***\AppData\Roaming\Malwarebytes
[2011.11.17 20:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.17 20:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.17 20:49:20 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.17 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.15 01:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.11.15 01:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.11.13 22:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.11.13 22:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.11.13 22:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.11.13 21:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.10.20 20:35:43 | 000,000,000 | ---D | C] -- C:\Users\D***\AppData\Roaming\Avira
[2011.10.20 20:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.20 20:33:12 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.20 20:33:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.20 20:33:11 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.20 20:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.20 20:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.19 21:29:12 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.19 21:29:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.19 21:29:03 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.19 21:29:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.19 21:29:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.18 00:48:13 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.18 00:45:52 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 00:45:52 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.18 00:45:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.18 00:45:35 | 2011,283,456 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.17 20:49:25 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.15 01:20:14 | 000,014,410 | ---- | M] () -- C:\Users\D***\Desktop\Extras.zip
[2011.11.15 01:08:04 | 000,008,801 | ---- | M] () -- C:\Users\D***\Desktop\OTL.zip
[2011.11.15 01:07:39 | 000,001,032 | ---- | M] () -- C:\Users\D***\Desktop\Gmer.zip
[2011.11.14 22:19:43 | 000,000,000 | ---- | M] () -- C:\Users\D***\defogger_reenable
[2011.11.13 22:32:57 | 000,001,061 | ---- | M] () -- C:\Users\D***\Desktop\Spybot - Search & Destroy.lnk
[2011.11.13 20:08:53 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.13 20:08:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.13 20:08:53 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.13 20:08:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.21 19:28:29 | 000,000,680 | ---- | M] () -- C:\Users\D***\AppData\Local\d3d9caps.dat
[2011.10.20 20:09:43 | 000,414,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.18 00:48:12 | 000,000,974 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2011.11.17 20:49:25 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.15 01:20:26 | 000,014,410 | ---- | C] () -- C:\Users\D***\Desktop\Extras.zip
[2011.11.15 01:10:51 | 000,001,032 | ---- | C] () -- C:\Users\D***\Desktop\Gmer.zip
[2011.11.15 01:10:41 | 000,008,801 | ---- | C] () -- C:\Users\D***\Desktop\OTL.zip
[2011.11.14 22:19:43 | 000,000,000 | ---- | C] () -- C:\Users\D***\defogger_reenable
[2011.11.13 22:32:57 | 000,001,061 | ---- | C] () -- C:\Users\D***\Desktop\Spybot - Search & Destroy.lnk
[2010.08.13 09:33:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.08.13 09:33:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.12 11:55:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.08.09 21:05:04 | 000,000,037 | ---- | C] () -- C:\Windows\eprint.INI
[2010.08.07 22:03:57 | 000,000,680 | ---- | C] () -- C:\Users\D***\AppData\Local\d3d9caps.dat
[2010.05.15 20:12:49 | 000,179,649 | ---- | C] () -- C:\Windows\hpoins38.dat.temp
[2010.05.15 20:12:49 | 000,000,622 | ---- | C] () -- C:\Windows\hpomdl38.dat.temp
[2010.05.15 17:35:10 | 000,182,964 | ---- | C] () -- C:\Windows\hpoins38.dat
[2010.05.15 17:35:09 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat
[2010.03.21 22:36:03 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys
[2010.02.14 16:58:30 | 000,000,024 | ---- | C] () -- C:\Windows\tm.ini
[2010.02.14 15:01:44 | 000,000,248 | ---- | C] () -- C:\Windows\BUHL.INI
[2009.12.09 20:00:24 | 000,001,294 | ---- | C] () -- C:\Windows\wiso.ini
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.01.01 14:26:37 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.01.01 14:26:37 | 000,000,088 | RHS- | C] () -- C:\ProgramData\49D5FA307F.sys
[2008.12.22 19:55:19 | 000,003,584 | ---- | C] () -- C:\Users\D***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.13 22:52:54 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 22:09:43 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2008.02.22 22:09:42 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.02.22 22:09:42 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.02.16 17:15:31 | 000,000,778 | ---- | C] () -- C:\Windows\eReg.dat
[2007.10.31 10:36:11 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.10.31 10:36:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.31 10:36:10 | 000,128,813 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_3.dll
[2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_2.dll
[2007.10.10 14:37:54 | 000,278,528 | ---- | C] () -- C:\Windows\ImgUploaderLang_1.dll
[2007.06.27 12:22:54 | 000,692,224 | ---- | C] () -- C:\Windows\libcurl.dll
[2006.11.02 16:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,414,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[1997.09.04 00:00:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

< End of report >

--- --- ---


Extras.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 18.11.2011 00:56:17 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\D***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 60,91% Memory free
3,98 Gb Paging File | 2,95 Gb Available in Paging File | 74,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,29 Gb Total Space | 63,70 Gb Free Space | 43,25% Space Free | Partition Type: NTFS
Drive D: | 73,64 Gb Total Space | 72,15 Gb Free Space | 97,97% Space Free | Partition Type: NTFS
 
Computer Name: H*** | User Name: D*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03815124-18D5-4403-B6E0-5022896F851D}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0784789C-A995-4B16-AD2A-533142DF48F3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{08FAD53D-6764-4E0C-9CD6-96FA08004D1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A09CA97-CC0F-4673-8624-FD788D2AEA3F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0B79A398-D137-4742-9579-FCAB4D55BEA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{10B86021-F184-43DE-BE05-42646B27BEC2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10CF6925-3D48-44AE-B79D-B5D062AD98DB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1157AC94-8F81-4DE3-946B-8B5CD1B2F01D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1521D7B9-3C80-4963-9DB3-25FDB19611F5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{201967BE-5321-4634-8414-7FD55D267EA4}" = lport=5357 | protocol=6 | dir=in | app=system |
"{22E76731-0A68-4374-89C9-7B83BAF72C98}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{26B55C68-1D0B-4968-BEB8-ACE3E5D46030}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{3106AA19-568C-4355-9457-632CE73ED94E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{31E75A0D-D1B5-4F7C-9E43-4B57F7E8B837}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{3649612D-2E15-47D0-9E11-3CDE91132E9F}" = rport=5357 | protocol=6 | dir=out | app=system |
"{3740ABC6-8F1C-441F-889B-7B7542B34D6E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3EDE2497-C8E8-49DD-B59F-C1D6D8066692}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{3F69EFD1-7A7A-4328-B8B2-DDCE48F5F62A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{42E6A37E-6801-4BB7-9DB5-DB9209B8DA19}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{44024047-7085-426D-A02E-7F440BED01F4}" = rport=5358 | protocol=6 | dir=out | app=system |
"{460A7FA4-DE3A-4F3B-9BAB-6EC2A52DF809}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4ADB6BE4-ED64-4D63-A3FE-26046D59F41F}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{4C2127AB-4AA4-4899-8A84-AFDDADBA91AA}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{50B3AAD6-EF7F-48DE-88DB-DE79A02BA001}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B95CAFB-50EB-4AA8-BCD4-3ED448BB5075}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{5DBDB395-7C15-49E4-A267-B92BEA82CAEA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5E53AF24-A693-4C85-B7F4-CB81E1CCBE9F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5EFA513F-36A2-48A7-872E-34453782D2A8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{66A52798-37AA-42CB-9039-3479B9F6DBAE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6D64EEC9-528A-4EAB-B5AE-BE17FF8F1559}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7523C062-99C3-4D7C-99AB-6764B5457578}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{84A22DEB-BE46-4888-BC6B-21FEC078C833}" = lport=2869 | protocol=6 | dir=in | app=system |
"{867BFC63-BEED-402D-8E66-CE5B5A3AA079}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{8CEA0030-C8B0-450E-AF99-A35538D67CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93E2B2B7-A3F2-49D3-B719-9C4AA47F470E}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{94612743-FB2D-4F9A-ACF1-91CB23529D5C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{963FC710-AC5A-4CEF-9B63-45CA73553694}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9B3A698B-E0C7-455D-99A8-BBB975ED4785}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A1AEF819-DEE0-4738-8747-5C7881074A2A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A502A13B-023C-44CC-8AAB-9477F15303F6}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A6FB03E6-1D71-4C29-89C7-47AF29A7FA43}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{B2939187-EA21-40A7-9DC5-B852E5C8B23F}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BCD8B253-6684-4F4D-881E-71431276FC2B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BCF85254-C428-4FD2-BE5C-AB0186C57FAB}" = rport=2869 | protocol=6 | dir=out | app=system |
"{BE6CC0A0-0843-4B80-912D-F44231A8AECF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BEF3C52A-BF45-45D5-8601-428D9C0D9DF3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{C499D6AA-A352-4704-AE00-4D909DB2CD0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C7536E93-FD8E-443F-864E-7AFBD4EDA02A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D07F9716-F2DF-4703-93D9-229FA3FBBFB7}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{D13F24B7-A166-4EB4-80D0-D1BE9F90EF59}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{D1AC7322-4777-4940-B7A3-17EE26F6CA57}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E7B89B54-3233-4084-93C0-0848E5966932}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{EC9A2D6D-1664-400A-B8FD-EC1603128B7B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EDB1C69A-0A44-49EB-8A54-DC7323345BBE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4EE9210-B533-456F-8D56-37B7DDA47E56}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F8891D9B-F045-49F8-934D-0C768F168923}" = lport=5358 | protocol=6 | dir=in | app=system |
"{FFE9CEF5-112E-4B7A-BAF8-4A25BECA686F}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5A5FA-7090-440E-A4CE-BE1576D18D3B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0738BA49-FEDD-4877-A6DD-D435A0B7FD74}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{11219396-CB69-4CAE-B302-3BAA3E43A58E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{1337B7B0-F15C-4CB1-BB8F-6A75FC6830E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{134DF7D5-96AA-4925-A67D-5C11815BCDD5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{18CD1637-239F-468C-AF72-483A93C869AC}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{18D49F0C-1D05-4A21-8C26-C9A38C7A71D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{1916216E-EAD6-4CC4-AD33-553FEE14BADE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{1D36D89E-F319-4BFB-BBB5-B5F93EF73E2D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2005DD88-F341-47D4-890D-272B1B88587B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{256E5AF1-B5C2-4D8E-B98A-C036B24840D1}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{2C3C7AF5-E4BC-48F3-B683-C21837E026E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3EA572FE-9743-469A-8157-BB277EA1E7EF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{428787B7-C8D9-40AC-990E-E381C29FC308}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{511E40B3-E5F8-4FB2-9514-ABEE2560D248}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{58838C00-1FD9-4A60-AEEA-121C9F2D4183}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5A08A4E3-AAED-419D-B1FC-09242A0B9A95}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5C4E39C8-45FF-4CA0-9F8E-37D438D227CB}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{7156B9C8-FDDD-4856-8308-A4294EFE295F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{728DED85-7C4C-436B-B0F2-B0E3C2E0C52B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{7C882E1E-81FE-41EA-8238-2AF036DFEB5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{852177A9-B432-40FC-BFCC-067F13099F45}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{917F5B78-0C1C-4F0D-8BBE-FC0B04223EC6}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{91E93FF4-0F7F-4D24-90DB-7BCD4726018C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9456AAA2-5A21-4C83-AFE5-D435D22A65A2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{94C4A150-1D94-4450-ACD9-61240C3C1097}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{96716147-F4C3-4A8F-9F94-C9096B1063E7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9A0B92A5-1DE7-4855-BD46-3954AEA4E9A0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D5B5063-74CA-4DEA-A4C5-7DAD0D6B24B9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{9F5B793D-93A5-47C5-8440-CE41DB4D081A}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A7CD4FA9-FFF9-49E5-8F74-65DA5F432696}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{ABFB6E91-FA92-4D33-8A60-034AE4B95C8E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AF7016AC-944C-499A-B4DF-EB97B151B933}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{B201EC31-C2B2-4B80-8520-B0CC5A996E11}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B2B92696-4DB9-4645-9AD9-BF578F24BA48}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{B6F570B4-3490-4FF6-9657-C89DA5B92C93}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B6FA6634-54C2-4171-A4AC-917123EE9503}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{B70CFD70-331B-458F-8351-7ACC3168279C}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{C64F857B-1AE6-40CA-9F66-37C624C1195D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CD3B41D0-DBB7-4255-9BA6-260C9227FB5B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE750F41-D471-4F35-9EE9-D34F1A39E6CB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D2118D81-D8BE-4C06-B4DF-38F2E900AE4C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D3959EA2-4375-4B83-8338-E53DECD98AB6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D41A088E-D928-4E2D-A9FB-803054DF0028}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{D9739EE4-6DA1-4E6C-ADCA-724C5FD08913}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{DD73F1A1-DE6E-4ED5-87A5-59DD9EE81913}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E01F1D56-23A4-454D-A3CD-4504947115E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3B9BD05-7A98-458E-87F0-D7A71762BEBD}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{E7C4AF19-F429-43FD-8F03-D3C00D509A21}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E9070B8F-F7C5-46B5-9D01-3BE7F1538114}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{EBD17ED9-12DD-4C3A-B001-6CDDADEC0C42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{EBE5F861-0F7B-47F6-81A3-B44A9D1BBFB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{EC40408B-2955-46CE-AEAB-D6CA1AADBDEB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8633CC1-6E8A-433F-B2F0-8E193B07E13D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{42D1D9AC-4E47-4EA3-960C-185925890B0F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{55BA070B-2615-49E9-BE35-A45B35F55D58}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{67D47B24-EE4F-4B55-B21A-772C0B5F369D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{6936A263-F18A-404D-97BC-B39DA34DC4B0}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{6A836EE1-732D-464E-BAAA-8E0304DF4959}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{341BA61D-4790-4D5B-AEF5-22EF03989E48}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3A5F5B6C-D220-488C-AEA5-970DA3E9AEA7}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{3BD38682-A47F-4BFA-9944-27D354A7C9BC}C:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\funatics\die siedler ii - die nächste generation\bin\s2dng.exe |
"UDP Query User{8E8DD0FE-18F4-450E-BA9C-E1DD0CB79FFB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EB88814E-1E38-4D5F-BFAA-155A78B7034B}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028741EB-70F5-BF63-EB23-480A7C48F096}" = CCC Help German
"{0343FEB6-43EA-0608-CF1F-6B4D20784AA8}" = Catalyst Control Center Localization Italian
"{03B5882D-D9DB-B950-CBE1-D03DDBFFF458}" = CCC Help Chinese Traditional
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B3A67B0-F54D-2F98-763C-B8E309135C38}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2899C5-8938-4232-98CC-7A075ECB3172}" = t@x 2010 Standard
"{1F9B00FC-AD74-A45C-3E73-83CF895E9CD0}" = Catalyst Control Center Localization Spanish
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29F482A1-9828-5830-1F96-798E75CB90EB}" = CCC Help French
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2B541619-4920-A88A-AEB6-C4E76672B726}" = ccc-utility
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30A9E47D-2B18-43FC-A562-8D1E3511C737}" = TablePlanner
"{32AFDE70-6890-478B-BC92-8F3C76B8A77B}" = Branding
"{37AF3415-B43F-FB0B-124B-4B207657DF66}" = Catalyst Control Center Localization Japanese
"{396FD726-254C-40D8-8EB6-A00703F134BF}" = Buhl finance - tax 2004 Standard
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E5D1BD1-3451-15A7-D5EB-FB4C1C713C33}" = Catalyst Control Center Localization Chinese Standard
"{3FB83D9B-35B3-44E2-639B-6839332BBB29}" = Catalyst Control Center Localization Portuguese
"{40030378-9EB9-482A-AC10-195097CA624D}" = t@x 2009 Standard
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{48FD4CEC-7ED7-5220-2032-E780075764E4}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587601F9-A917-AE27-263A-0854BE106BE9}" = Catalyst Control Center Localization German
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60101C13-2C13-48FB-855D-33D9F3013133}" = B109a-m
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{625309B9-9853-B259-CA17-DA4838E2D7C6}" = Catalyst Control Center Localization Dutch
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E98E51-BFF9-5922-1316-7AF58170CA54}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97813-ADFC-AA48-D24F-17E6CD41B413}" = Skins
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{74EF2D1D-D3A6-3A56-1DD7-56A338BADD29}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787AD427-7FEB-A87C-4C2E-C95610EF345B}" = Catalyst Control Center Core Implementation
"{7A36BFCB-D8A9-11D7-9E00-0004769EEFEB}" = Default
"{7B80F2CF-3012-41B3-0083-D96E3B923A33}" = Fussball Manager 2003
"{7D489B30-1248-4F90-A99D-8D9169355B78}" = 3D-Globus DVD 2.0
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8535028B-D4EE-B929-97A0-354013AE5D94}" = Catalyst Control Center Localization Korean
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9279B0F3-C831-7C50-9F07-73B1219322B6}" = Catalyst Control Center Localization Chinese Traditional
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{94E89EFD-5841-17EA-4F69-37A5DA58A735}" = CCC Help Spanish
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A983135-BB9F-6E62-F282-AD76BB9551FE}" = CCC Help English
"{9AE73DF3-2349-A626-AE42-7959D7583E2B}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6
"{A603BB91-F08F-025F-4158-E897DC29D037}" = Catalyst Control Center Localization French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA27D595-32F0-97EB-BC94-1ED22E7444A8}" = CCC Help Portuguese
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEBC4CA2-B05F-47E3-8680-B2CDB6E12006}" = WISO Sparbuch 2006
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}" = ccc-core-static
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCC67B82-CD80-9C07-4C4A-D5B9C7137399}" = CCC Help Italian
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CEFD7155-9C9A-4D20-8DEC-3961BBBB0001}" = WISO Sparbuch 2005
"{D2B49278-3321-FFBA-0F7C-127878A9CB5D}" = CCC Help Dutch
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D3F3188E-EC4E-413B-BFEC-6A179ADB14FF}" = MSXML
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D723FE60-F9EC-D688-0274-7BF2FF96E80A}" = Catalyst Control Center Graphics Full New
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E1FA2D24-5633-83B3-3C72-FB3749DAF724}" = CCC Help Swedish
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EE6AA8D9-B369-44A0-A938-C897026B6B7B}" = BDElster-Telemodul
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5E23357-CDCE-0246-677C-8097DAA6F8C5}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}" = Catalyst Control Center Graphics Previews Vista
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ANSTOSS 3_is1" = ANSTOSS 3
"ATI Uninstaller" = ATI Uninstaller
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766
"Digitale Bibliothek 4" = Digitale Bibliothek 4
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Google Updater" = Google Updater
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{7D489B30-1248-4F90-A99D-8D9169355B78}" = 3D-Globus DVD 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Office8.0" = Microsoft Office 97, Professional Edition
"Pingus" = Pingus
"Pixum ePrint" = Pixum ePrint 1.2
"S2TNG" = Die Siedler II - Die nächste Generation
"Shop for HP Supplies" = Shop for HP Supplies
"Siedler3Deinstall" = Siedler3
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Windows Mobile Device Handbook" = Windows Mobile®-MDA Touch Handbuch
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2009 19:32:38 | Computer Name = H*** | Source = EventSystem | ID = 4621
Description =
 
Error - 31.12.2009 02:36:46 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 31.12.2009 02:36:46 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 31.12.2009 10:36:35 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 31.12.2009 10:36:35 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 31.12.2009 10:40:38 | Computer Name = H*** | Source = WerSvc | ID = 5007
Description =
 
Error - 31.12.2009 11:16:51 | Computer Name = H*** | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 8.0.0.4412 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 324  Anfangszeit: 01ca8a2916573e6b  Zeitpunkt der Beendigung:
 32
 
Error - 01.01.2010 10:22:02 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 01.01.2010 10:22:02 | Computer Name = H*** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 01.01.2010 10:27:29 | Computer Name = H*** | Source = WerSvc | ID = 5007
Description =
 
[ System Events ]
Error - 16.11.2011 16:13:26 | Computer Name = H*** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 16.11.2011 16:13:35 | Computer Name = H*** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 16.11.2011 17:19:28 | Computer Name = H*** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 16.11.2011 17:38:46 | Computer Name = H*** | Source = DCOM | ID = 10010
Description =
 
Error - 17.11.2011 19:13:24 | Computer Name = H*** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 17.11.2011 19:31:25 | Computer Name = H*** | Source = DCOM | ID = 10010
Description =
 
Error - 17.11.2011 19:35:39 | Computer Name = H*** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 17.11.2011 19:44:32 | Computer Name = H*** | Source = DCOM | ID = 10010
Description =
 
Error - 17.11.2011 19:49:08 | Computer Name = H*** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 17.11.2011 19:49:09 | Computer Name = H*** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >

--- --- ---

kira 18.11.2011 09:51

1.
You can uninstall:
Quote:

Spybot
- I would no longer recommend it, as it does not meet the new protection requirements and does not work satisfactorily as a solution for protection against malware or against entirely new challenges
in my opinion it no longer offers sufficient protection against "modern types of malware"...

2.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
[2011.11.18 00:48:13 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

:Commands
[purity]
[REBOOT]


► Report again on the state of the computer: are there still problems, and if so, which ones?

Zyx124 19.11.2011 17:21

I have uninstalled Spybot.

However, I cannot find any txt file(s) after the OTL fix.
Where is it supposed to be?
(It should actually be in the same folder, or on the desktop, where the application is located, shouldn't it?)

Zyx124 20.11.2011 15:36

Hello,
here is an overview of the problems that still occur:

- Desktop background is black
- The Start menu at least shows the recently used programs again, the link to All Programs, as well as Recent Items (files) and Computer.
Control Panel, Network, the My Documents folder etc. are not visible
- The icons in the taskbar (Firefox, Desktop) to the right of the Start menu are missing.

kira 21.11.2011 12:14

You have to bear in mind that we may not be able to solve all the problems that have already been caused by malware!
Otherwise, this is how we continue:

TDSSKiller from Kaspersky
  • Download TDSSKiller and extract the archive to your desktop.
  • Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).
  • Temporarily disable your antivirus program
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished, the tool suggests restarting the system.
    Confirm this with Y(es) if applicable.
    While the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
You can find more detailed instructions here.

Zyx124 21.11.2011 20:39

Okay, here is the report from TDSSKiller:

Code:

20:35:10.0537 6008        TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
20:35:10.0646 6008        ============================================================
20:35:10.0646 6008        Current date / time: 2011/11/21 20:35:10.0646
20:35:10.0646 6008        SystemInfo:
20:35:10.0646 6008       
20:35:10.0646 6008        OS Version: 6.0.6002 ServicePack: 2.0
20:35:10.0646 6008        Product type: Workstation
20:35:10.0646 6008        ComputerName: H***
20:35:10.0646 6008        UserName: D***
20:35:10.0646 6008        Windows directory: C:\Windows
20:35:10.0646 6008        System windows directory: C:\Windows
20:35:10.0646 6008        Processor architecture: Intel x86
20:35:10.0646 6008        Number of processors: 2
20:35:10.0646 6008        Page size: 0x1000
20:35:10.0646 6008        Boot type: Normal boot
20:35:10.0646 6008        ============================================================
20:35:11.0613 6008        Initialize success
20:35:20.0240 2556        ============================================================
20:35:20.0240 2556        Scan started
20:35:20.0240 2556        Mode: Manual;
20:35:20.0240 2556        ============================================================
20:35:21.0020 2556        ACEDRV05        (0a1e97197609f92d2425b67da0bb0a7f) C:\Windows\system32\drivers\ACEDRV05.sys
20:35:21.0020 2556        ACEDRV05 - ok
20:35:21.0067 2556        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:35:21.0082 2556        ACPI - ok
20:35:21.0129 2556        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:35:21.0129 2556        adp94xx - ok
20:35:21.0160 2556        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:35:21.0160 2556        adpahci - ok
20:35:21.0207 2556        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:35:21.0207 2556        adpu160m - ok
20:35:21.0238 2556        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:35:21.0238 2556        adpu320 - ok
20:35:21.0332 2556        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:35:21.0348 2556        AFD - ok
20:35:21.0379 2556        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:35:21.0379 2556        agp440 - ok
20:35:21.0426 2556        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:35:21.0426 2556        aic78xx - ok
20:35:21.0457 2556        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:35:21.0457 2556        aliide - ok
20:35:21.0504 2556        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:35:21.0504 2556        amdagp - ok
20:35:21.0535 2556        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:35:21.0535 2556        amdide - ok
20:35:21.0550 2556        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:35:21.0550 2556        AmdK7 - ok
20:35:21.0597 2556        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
20:35:21.0597 2556        AmdK8 - ok
20:35:21.0753 2556        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:35:21.0753 2556        arc - ok
20:35:21.0800 2556        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:35:21.0800 2556        arcsas - ok
20:35:21.0862 2556        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:35:21.0862 2556        AsyncMac - ok
20:35:21.0894 2556        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:35:21.0894 2556        atapi - ok
20:35:21.0972 2556        athr            (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
20:35:21.0987 2556        athr - ok
20:35:22.0081 2556        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
20:35:22.0081 2556        avgntflt - ok
20:35:22.0096 2556        avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
20:35:22.0096 2556        avipbb - ok
20:35:22.0128 2556        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
20:35:22.0143 2556        avkmgr - ok
20:35:22.0190 2556        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:35:22.0190 2556        Beep - ok
20:35:22.0221 2556        blbdrive - ok
20:35:22.0268 2556        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:35:22.0268 2556        bowser - ok
20:35:22.0315 2556        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:35:22.0315 2556        BrFiltLo - ok
20:35:22.0330 2556        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:35:22.0330 2556        BrFiltUp - ok
20:35:22.0377 2556        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:35:22.0377 2556        Brserid - ok
20:35:22.0408 2556        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:35:22.0408 2556        BrSerWdm - ok
20:35:22.0455 2556        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:35:22.0455 2556        BrUsbMdm - ok
20:35:22.0502 2556        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:35:22.0502 2556        BrUsbSer - ok
20:35:22.0518 2556        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:35:22.0533 2556        BTHMODEM - ok
20:35:22.0564 2556        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:35:22.0564 2556        cdfs - ok
20:35:22.0611 2556        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:35:22.0611 2556        cdrom - ok
20:35:22.0642 2556        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:35:22.0642 2556        circlass - ok
20:35:22.0689 2556        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:35:22.0689 2556        CLFS - ok
20:35:22.0798 2556        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:35:22.0798 2556        CmBatt - ok
20:35:22.0830 2556        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:35:22.0830 2556        cmdide - ok
20:35:22.0845 2556        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:35:22.0845 2556        Compbatt - ok
20:35:22.0876 2556        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:35:22.0876 2556        crcdisk - ok
20:35:22.0908 2556        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:35:22.0908 2556        Crusoe - ok
20:35:22.0986 2556        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:35:22.0986 2556        DfsC - ok
20:35:23.0048 2556        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:35:23.0048 2556        disk - ok
20:35:23.0110 2556        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:35:23.0110 2556        Dot4 - ok
20:35:23.0157 2556        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:35:23.0157 2556        Dot4Print - ok
20:35:23.0188 2556        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:35:23.0188 2556        dot4usb - ok
20:35:23.0251 2556        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:35:23.0251 2556        drmkaud - ok
20:35:23.0298 2556        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:35:23.0313 2556        DXGKrnl - ok
20:35:23.0344 2556        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:35:23.0344 2556        E1G60 - ok
20:35:23.0407 2556        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:35:23.0407 2556        Ecache - ok
20:35:23.0469 2556        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:35:23.0469 2556        elxstor - ok
20:35:23.0547 2556        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:35:23.0547 2556        exfat - ok
20:35:23.0610 2556        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:35:23.0610 2556        fastfat - ok
20:35:23.0641 2556        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:35:23.0641 2556        fdc - ok
20:35:23.0688 2556        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:35:23.0688 2556        FileInfo - ok
20:35:23.0719 2556        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:35:23.0719 2556        Filetrace - ok
20:35:23.0734 2556        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:35:23.0734 2556        flpydisk - ok
20:35:23.0797 2556        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:35:23.0797 2556        FltMgr - ok
20:35:23.0859 2556        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:35:23.0859 2556        Fs_Rec - ok
20:35:23.0890 2556        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:35:23.0890 2556        gagp30kx - ok
20:35:23.0937 2556        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:35:23.0937 2556        GEARAspiWDM - ok
20:35:23.0984 2556        grmnusb        (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
20:35:24.0000 2556        grmnusb - ok
20:35:24.0062 2556        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:35:24.0062 2556        HdAudAddService - ok
20:35:24.0109 2556        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:35:24.0124 2556        HDAudBus - ok
20:35:24.0140 2556        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:35:24.0140 2556        HidBth - ok
20:35:24.0171 2556        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:35:24.0171 2556        HidIr - ok
20:35:24.0202 2556        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:35:24.0202 2556        HidUsb - ok
20:35:24.0234 2556        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:35:24.0234 2556        HpCISSs - ok
20:35:24.0312 2556        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:35:24.0312 2556        HTTP - ok
20:35:24.0327 2556        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:35:24.0327 2556        i2omp - ok
20:35:24.0390 2556        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:35:24.0390 2556        i8042prt - ok
20:35:24.0421 2556        iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
20:35:24.0436 2556        iaStor - ok
20:35:24.0483 2556        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:35:24.0499 2556        iaStorV - ok
20:35:24.0530 2556        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:35:24.0530 2556        iirsp - ok
20:35:24.0639 2556        IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
20:35:24.0655 2556        IntcAzAudAddService - ok
20:35:24.0686 2556        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
20:35:24.0686 2556        intelide - ok
20:35:24.0702 2556        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
20:35:24.0702 2556        intelppm - ok
20:35:24.0764 2556        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:35:24.0764 2556        IpFilterDriver - ok
20:35:24.0780 2556        IpInIp - ok
20:35:24.0811 2556        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:35:24.0811 2556        IPMIDRV - ok
20:35:24.0842 2556        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:35:24.0842 2556        IPNAT - ok
20:35:24.0873 2556        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:35:24.0873 2556        IRENUM - ok
20:35:24.0904 2556        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
20:35:24.0904 2556        isapnp - ok
20:35:24.0951 2556        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:35:24.0951 2556        iScsiPrt - ok
20:35:24.0967 2556        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:35:24.0967 2556        iteatapi - ok
20:35:24.0998 2556        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:35:24.0998 2556        iteraid - ok
20:35:25.0014 2556        JRAID          (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
20:35:25.0014 2556        JRAID - ok
20:35:25.0060 2556        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:35:25.0060 2556        kbdclass - ok
20:35:25.0092 2556        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
20:35:25.0092 2556        kbdhid - ok
20:35:25.0138 2556        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:35:25.0154 2556        KSecDD - ok
20:35:25.0216 2556        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:35:25.0216 2556        lltdio - ok
20:35:25.0263 2556        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:35:25.0263 2556        LSI_FC - ok
20:35:25.0294 2556        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:35:25.0294 2556        LSI_SAS - ok
20:35:25.0310 2556        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:35:25.0326 2556        LSI_SCSI - ok
20:35:25.0357 2556        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:35:25.0357 2556        luafv - ok
20:35:25.0388 2556        MBAMSwissArmy - ok
20:35:25.0419 2556        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:35:25.0419 2556        megasas - ok
20:35:25.0466 2556        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:35:25.0466 2556        Modem - ok
20:35:25.0513 2556        MODEMCSA        (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
20:35:25.0513 2556        MODEMCSA - ok
20:35:25.0560 2556        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:35:25.0560 2556        monitor - ok
20:35:25.0653 2556        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:35:25.0669 2556        mouclass - ok
20:35:25.0762 2556        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:35:25.0778 2556        mouhid - ok
20:35:25.0809 2556        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:35:25.0825 2556        MountMgr - ok
20:35:25.0856 2556        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:35:25.0872 2556        mpio - ok
20:35:25.0903 2556        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:35:25.0903 2556        mpsdrv - ok
20:35:25.0918 2556        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:35:25.0918 2556        Mraid35x - ok
20:35:25.0965 2556        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:35:25.0965 2556        MRxDAV - ok
20:35:26.0012 2556        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:35:26.0028 2556        mrxsmb - ok
20:35:26.0074 2556        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:35:26.0090 2556        mrxsmb10 - ok
20:35:26.0106 2556        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:35:26.0106 2556        mrxsmb20 - ok
20:35:26.0137 2556        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
20:35:26.0137 2556        msahci - ok
20:35:26.0168 2556        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:35:26.0184 2556        msdsm - ok
20:35:26.0246 2556        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:35:26.0246 2556        Msfs - ok
20:35:26.0293 2556        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:35:26.0293 2556        msisadrv - ok
20:35:26.0324 2556        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:35:26.0324 2556        MSKSSRV - ok
20:35:26.0371 2556        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:35:26.0371 2556        MSPCLOCK - ok
20:35:26.0386 2556        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:35:26.0386 2556        MSPQM - ok
20:35:26.0433 2556        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:35:26.0449 2556        MsRPC - ok
20:35:26.0480 2556        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:35:26.0480 2556        mssmbios - ok
20:35:26.0496 2556        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:35:26.0496 2556        MSTEE - ok
20:35:26.0527 2556        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:35:26.0527 2556        Mup - ok
20:35:26.0574 2556        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:35:26.0589 2556        NativeWifiP - ok
20:35:26.0636 2556        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:35:26.0652 2556        NDIS - ok
20:35:26.0698 2556        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:35:26.0698 2556        NdisTapi - ok
20:35:26.0730 2556        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:35:26.0730 2556        Ndisuio - ok
20:35:26.0745 2556        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:35:26.0745 2556        NdisWan - ok
20:35:26.0761 2556        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:35:26.0776 2556        NDProxy - ok
20:35:26.0808 2556        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:35:26.0808 2556        NetBIOS - ok
20:35:26.0854 2556        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:35:26.0854 2556        netbt - ok
20:35:26.0917 2556        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:35:26.0917 2556        nfrd960 - ok
20:35:26.0964 2556        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:35:26.0964 2556        Npfs - ok
20:35:26.0995 2556        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:35:26.0995 2556        nsiproxy - ok
20:35:27.0057 2556        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:35:27.0088 2556        Ntfs - ok
20:35:27.0120 2556        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:35:27.0120 2556        ntrigdigi - ok
20:35:27.0135 2556        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:35:27.0135 2556        Null - ok
20:35:27.0151 2556        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:35:27.0151 2556        nvraid - ok
20:35:27.0198 2556        nvrd32          (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
20:35:27.0198 2556        nvrd32 - ok
20:35:27.0229 2556        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:35:27.0229 2556        nvstor - ok
20:35:27.0244 2556        nvstor32        (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
20:35:27.0260 2556        nvstor32 - ok
20:35:27.0291 2556        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:35:27.0291 2556        nv_agp - ok
20:35:27.0307 2556        NwlnkFlt - ok
20:35:27.0322 2556        NwlnkFwd - ok
20:35:27.0385 2556        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:35:27.0385 2556        ohci1394 - ok
20:35:27.0478 2556        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:35:27.0478 2556        Parport - ok
20:35:27.0541 2556        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:35:27.0541 2556        partmgr - ok
20:35:27.0572 2556        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:35:27.0572 2556        Parvdm - ok
20:35:27.0603 2556        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:35:27.0619 2556        pci - ok
20:35:27.0666 2556        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:35:27.0666 2556        pciide - ok
20:35:27.0712 2556        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:35:27.0712 2556        pcmcia - ok
20:35:27.0759 2556        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:35:27.0790 2556        PEAUTH - ok
20:35:27.0884 2556        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:35:27.0884 2556        PptpMiniport - ok
20:35:27.0915 2556        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:35:27.0915 2556        Processor - ok
20:35:27.0978 2556        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:35:27.0978 2556        PSched - ok
20:35:28.0056 2556        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:35:28.0087 2556        ql2300 - ok
20:35:28.0118 2556        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:35:28.0118 2556        ql40xx - ok
20:35:28.0165 2556        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:35:28.0165 2556        QWAVEdrv - ok
20:35:28.0274 2556        R300            (252826c4bc88b01e945c2d3c6603f3b0) C:\Windows\system32\DRIVERS\atikmdag.sys
20:35:28.0336 2556        R300 - ok
20:35:28.0383 2556        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:35:28.0383 2556        RasAcd - ok
20:35:28.0430 2556        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:35:28.0446 2556        Rasl2tp - ok
20:35:28.0492 2556        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:35:28.0492 2556        RasPppoe - ok
20:35:28.0539 2556        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:35:28.0539 2556        RasSstp - ok
20:35:28.0602 2556        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:35:28.0602 2556        rdbss - ok
20:35:28.0633 2556        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:35:28.0633 2556        RDPCDD - ok
20:35:28.0695 2556        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:35:28.0695 2556        rdpdr - ok
20:35:28.0711 2556        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:35:28.0711 2556        RDPENCDD - ok
20:35:28.0758 2556        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:35:28.0758 2556        RDPWD - ok
20:35:28.0820 2556        RMCAST          (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
20:35:28.0820 2556        RMCAST - ok
20:35:28.0867 2556        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:35:28.0882 2556        rspndr - ok
20:35:28.0929 2556        RTL8169        (4755c86fd7dc189faa0e6d111c417de1) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:35:28.0945 2556        RTL8169 - ok
20:35:28.0992 2556        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:35:28.0992 2556        sbp2port - ok
20:35:29.0038 2556        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:35:29.0038 2556        secdrv - ok
20:35:29.0085 2556        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:35:29.0085 2556        Serenum - ok
20:35:29.0116 2556        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:35:29.0116 2556        Serial - ok
20:35:29.0163 2556        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:35:29.0163 2556        sermouse - ok
20:35:29.0210 2556        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
20:35:29.0210 2556        sffdisk - ok
20:35:29.0241 2556        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:35:29.0241 2556        sffp_mmc - ok
20:35:29.0257 2556        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
20:35:29.0257 2556        sffp_sd - ok
20:35:29.0288 2556        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:35:29.0288 2556        sfloppy - ok
20:35:29.0319 2556        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:35:29.0335 2556        sisagp - ok
20:35:29.0350 2556        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:35:29.0350 2556        SiSRaid2 - ok
20:35:29.0382 2556        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:35:29.0382 2556        SiSRaid4 - ok
20:35:29.0428 2556        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:35:29.0428 2556        Smb - ok
20:35:29.0506 2556        smserial        (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
20:35:29.0538 2556        smserial - ok
20:35:29.0616 2556        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:35:29.0616 2556        spldr - ok
20:35:29.0678 2556        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:35:29.0678 2556        srv - ok
20:35:29.0756 2556        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:35:29.0756 2556        srv2 - ok
20:35:29.0787 2556        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:35:29.0803 2556        srvnet - ok
20:35:29.0850 2556        SSHDRV85        (f0be373861a3f34cfab55c1b7ce1feb5) C:\Windows\system32\drivers\SSHDRV85.sys
20:35:29.0850 2556        SSHDRV85 - ok
20:35:29.0896 2556        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:35:29.0896 2556        ssmdrv - ok
20:35:29.0959 2556        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:35:29.0959 2556        swenum - ok
20:35:30.0006 2556        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:35:30.0006 2556        Symc8xx - ok
20:35:30.0021 2556        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:35:30.0021 2556        Sym_hi - ok
20:35:30.0052 2556        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:35:30.0052 2556        Sym_u3 - ok
20:35:30.0130 2556        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:35:30.0162 2556        Tcpip - ok
20:35:30.0208 2556        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:35:30.0208 2556        Tcpip6 - ok
20:35:30.0240 2556        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:35:30.0240 2556        tcpipreg - ok
20:35:30.0286 2556        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:35:30.0286 2556        TDPIPE - ok
20:35:30.0318 2556        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:35:30.0318 2556        TDTCP - ok
20:35:30.0349 2556        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:35:30.0349 2556        tdx - ok
20:35:30.0396 2556        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:35:30.0396 2556        TermDD - ok
20:35:30.0489 2556        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:35:30.0489 2556        tssecsrv - ok
20:35:30.0536 2556        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:35:30.0536 2556        tunmp - ok
20:35:30.0567 2556        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:35:30.0567 2556        tunnel - ok
20:35:30.0614 2556        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:35:30.0614 2556        uagp35 - ok
20:35:30.0676 2556        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:35:30.0676 2556        udfs - ok
20:35:30.0723 2556        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:35:30.0723 2556        uliagpkx - ok
20:35:30.0770 2556        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:35:30.0786 2556        uliahci - ok
20:35:32.0314 2556        ============================================================
20:35:32.0314 2556        Scan finished
20:35:32.0314 2556        ============================================================
20:35:32.0330 2272        Detected object count: 0
20:35:32.0330 2272        Actual detected object count: 0


kira 22.11.2011 08:58

You can also try the following:
1.
If you think you know a point in time when your system was still working properly, System Restore is worth a try:

- There is a "relatively simple way" when the infection is fresh, and sometimes certain problems can be solved with it too, so it should be tried right away. It lets you undo system changes on the computer without affecting personal files such as e-mails, documents or photos.
Quote:

-> System Restore
► Please select the oldest available restore date at which your computer was still working properly!
  • You must log on as an administrator or as a user with administrator rights.
  • System Restore can be started under Windows Vista/XP/7 as follows:
  • Start > All Programs > Accessories > System Tools > System Restore
-> A step-by-step guide to using System Restore under Windows XP
-> System Restore under Windows Vista
-> Under Win 7
If necessary, you can also do this in safe mode - (please be sure to click & read the link!)
System Restore is only a "stopgap"; it never removes the problem 100%, because the point in time at which the trojan got in can no longer be determined. But it can improve the functioning of a computer system.
(You can still undo it and return to today's state if it does not deliver the desired result)

2.
Quote:

If System Restore does not work (malware can prevent it):
- You can also try the following methods to fix the problem: -> Using the Last Known Good Configuration
► Report back to me on what success you had with this!

Item 7 is still missing: -> http://www.trojaner-board.de/105104-...tml#post720933

Zyx124 23.11.2011 20:49

I tried System Restore,
but without success (message that System Restore is not possible).

I also tried the 2nd option (last known configuration) - no change / improvement to be seen here either...

Now the result for # 7:
Code:

3D-Globus DVD 2.0        NATIONAL GEOGRAPHIC        23.05.2009                1.00.0000
7-Zip 9.20                14.11.2011        3,54MB       
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        15.02.2008        14,0MB       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        21.03.2011                10.2.153.1
Adobe Reader 8.1.3 - Deutsch        Adobe Systems Incorporated        31.12.2008        99,7MB        8.1.3
Adobe SVG Viewer 3.0                19.12.2010        4,78MB        3.0
ANSTOSS 3                15.05.2008        638MB       
Apple Application Support        Apple Inc.        13.05.2011        51,0MB        1.5.1
Apple Mobile Device Support        Apple Inc.        13.05.2011        21,8MB        3.4.0.25
Apple Software Update        Apple Inc.        13.05.2011        2,26MB        2.1.2.120
ATI Catalyst Install Manager        ATI Technologies, Inc.        13.03.2008        13,8MB        3.0.641.0
ATI Uninstaller        ATI Technologies, Inc.        15.02.2008        13,9MB       
Audacity 1.2.6                22.10.2010        8,43MB       
Avira Free Antivirus        Avira        27.10.2011        153,2MB        12.0.0.861
BDElster-Telemodul                25.02.2010        0,81MB       
Bonjour        Apple Inc.        13.05.2011        1,10MB        2.0.5.0
Buhl finance - tax 2004 Standard        Buhl Data Service GmbH        26.02.2010        1,09MB        5.00
Bullzip PDF Printer 6.0.0.766        Bullzip        30.04.2009        13,8MB       
CCleaner        Piriform        22.11.2011        4,13MB        3.12
Compatibility Pack für 2007 Office System        Microsoft Corporation        19.09.2011        111,0MB        12.0.6514.5001
CorelDRAW(R) Graphics Suite X4        Corel Corporation        31.12.2008        818MB       
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension        Corel Corporation        31.12.2008        1,81MB       
Default        Ihr Firmenname        15.05.2008        1,91MB        1.00.0000
Die Siedler II - Die nächste Generation                06.03.2010        512MB       
Digitale Bibliothek 4                28.02.2009        7,55MB       
FirstSteps Diagnostics        Fujitsu Siemens Computers        30.10.2007        4,67MB        1.00
FUSSBALL MANAGER 09        Electronic Arts        14.10.2010        3.842MB       
Fussball Manager 2003                18.12.2008        801MB       
Garmin Training Center        Garmin Ltd or its subsidiaries        17.09.2010        58,3MB        3.5.3
Garmin USB Drivers        Garmin Ltd or its subsidiaries        17.09.2010        0,12MB        2.3.0.0
Google Earth        Google        27.06.2008        25,3MB        4.3.7204.836
Google Toolbar for Internet Explorer        Google Inc.        06.11.2011        10,7MB        7.2.2304.102
Google Updater        Google Inc.        02.10.2011        3,99MB        2.4.2432.1652
GPL Ghostscript Lite 8.63                30.04.2009        11,4MB       
HP Customer Participation Program 14.0        HP        14.05.2010        211MB        14.0
HP Imaging Device Functions 14.0        HP        14.05.2010        2,45MB        14.0
HP Photo Creations        HP Photo Creations Powered by RocketLife        23.05.2010        30,1MB        1.0.0.2261
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6        HP        14.05.2010        28,1MB        14.0
HP Smart Web Printing 4.60        HP        14.05.2010        25,4MB        4.60
HP Solution Center 14.0        HP        14.05.2010        2,54MB        14.0
HP Update        Hewlett-Packard        14.05.2010        2,97MB        5.002.002.002
iTunes        Apple Inc.        13.05.2011        143,9MB        10.2.2.14
Java(TM) 6 Update 21        Sun Microsystems, Inc.        31.07.2010        293MB        6.0.210
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        16.11.2011        6,76MB        1.51.2.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        23.08.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        22.08.2009        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        12.08.2010        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        12.08.2010        24,5MB        4.0.30319
Microsoft Office 97, Professional Edition                21.02.2008        960MB       
Microsoft Office Home and Student 2010        Microsoft Corporation        08.10.2011        960MB        14.0.6029.1000
Microsoft Silverlight        Microsoft Corporation        18.10.2011        202MB        4.0.60831.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        28.07.2009        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        25.06.2011        0,29MB        8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        28.07.2009        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        27.06.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        30.01.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        25.06.2011        0,58MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        20.10.2011        16,5MB        10.0.40219
Microsoft Works        Microsoft Corporation        12.12.2009        3,40MB        08.05.0822
Motorola SM56 Speakerphone Modem        Motorola Inc        12.08.2010        2,71MB        6.12.25.06
Mozilla Firefox 7.0.1 (x86 de)        Mozilla        15.10.2011        32,8MB        7.0.1
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        30.10.2007        1,27MB        4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        14.11.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,34MB        4.20.9876.0
Nero 7 Essentials        Nero AG        30.10.2007        377MB        7.02.5851
OpenOffice.org 3.2        OpenOffice.org        31.07.2010        379MB        3.2.9502
Paint.NET v3.36        dotPDN LLC        26.12.2008        3,97MB        3.36.0
Pingus                11.07.2008                0.7.2
Pixum ePrint 1.2        Diginet GmbH & Co. KG        08.08.2010        8,54MB        1.2.5105.10000
QuickTime        Apple Inc.        13.05.2011        72,8MB        7.69.80.9
Realtek High Definition Audio Driver                30.10.2007               
Safari        Apple Inc.        17.11.2009        37,1MB        5.31.21.10
Shop for HP Supplies        HP        14.05.2010        211MB        14.0
Siedler3                04.03.2010        233MB       
softonic-de3 Toolbar        softonic-de3        03.06.2011        10,3MB       
Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        31.12.2008        32,5MB        8.0.0
t@x 2009 Standard        Buhl Data Service GmbH        31.12.2009        526MB        16.00.6228
t@x 2010 Standard        Buhl Data Service GmbH        30.01.2010        688MB        17.00.6531
t@x 2011        Buhl Data Service GmbH        03.06.2011        659MB        18.00.6928
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)        Garmin        17.09.2010                06/03/2009 2.3.0.0
Windows Live Anmelde-Assistent        Microsoft Corporation        05.03.2009        1,93MB        5.000.818.6
Windows Live Messenger        Microsoft Corporation        12.03.2008        30,0MB        8.5.1302.1018
Windows Mobile Device Center Driver Update        Microsoft Corporation        31.01.2009        42,4MB        6.1.6965.0
Windows Mobile®-MDA Touch Handbuch        Microsoft Corporation        31.01.2009        25,8MB        1.0
WISO Sparbuch 2005        Buhl Data Service GmbH        20.03.2010        104,3MB        12.00.0000
WISO Sparbuch 2006        Buhl Data Service GmbH        21.03.2010        1.132MB        13.00.0000

Should I also start the so-called "Cleaner" (i.e. the cleaning process) with CCleaner?
Or does that make no sense?

Is there any other way to find out what state my system is in...?

kira 24.11.2011 06:37

Quote:

Quote from Zyx124 (post 724578)
I tried System Restore,
but without success (message that System Restore is not possible).

Not in safe mode either?

Zyx124 27.11.2011 15:13

I ran System Restore in safe mode - and it worked.
Desktop / Start menu / taskbar etc. are back as before.

However, the Avira AntiVir real-time scanner reports that it is not active - and apparently I cannot activate it.
Here is the report from today:

Code:

27.11.2011,13:56:10 [INFO] ---------------------------------------------------------
27.11.2011,13:56:10 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
27.11.2011,13:56:37 [INFO] Echtzeit Scanner Version: 12.01.00.18, Engine Version 8.2.6.116, VDF Version: 7.11.18.23
27.11.2011,13:56:37 [INFO] Online-Dienste stehen zur Verfügung.
27.11.2011,13:56:37 [INFO] Echtzeit Scanner wurde aktiviert
27.11.2011,13:56:37 [INFO] Verwendete Konfiguration der Echtzeitsuche:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL* .XML .XXX .ZIP
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
27.11.2011,13:57:44 [INFO] Update-Auftrag gestartet!
27.11.2011,13:58:51 [INFO] Aktuelle Engine Version: 8.2.6.120
27.11.2011,13:58:51 [INFO] Aktuelle Version der VDF-Datei: 7.11.18.78
27.11.2011,14:01:31 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
27.11.2011,14:03:24 [INFO] ---------------------------------------------------------
27.11.2011,14:03:24 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
27.11.2011,14:03:41 [INFO] Echtzeit Scanner Version: 12.01.00.18, Engine Version 8.2.6.120, VDF Version: 7.11.18.78
27.11.2011,14:03:42 [INFO] Online-Dienste stehen zur Verfügung.
27.11.2011,14:03:42 [INFO] Echtzeit Scanner wurde aktiviert
27.11.2011,14:03:42 [INFO] Verwendete Konfiguration der Echtzeitsuche:
      - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen
      - Geprüfte Dateien: Dateierweiterungsliste verwenden: . .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL* .XML .XXX .ZIP
      - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen
      - Aktion: Benutzer fragen
      - Archive durchsuchen: Deaktiviert
      - Makrovirenheuristik: Aktiviert
      - Win32 Dateiheuristik: Erkennungsstufe mittel
      - Protokollierungsstufe: Standard
27.11.2011,14:03:44 [INFO] Der Avira Free Antivirus Dienst wurde beendet!
27.11.2011,14:23:38 [INFO] ---------------------------------------------------------
27.11.2011,14:23:38 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
      [WARNUNG] Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden. Die Engine und VDF werden stattdessen von der Backup Kopie geladen.
27.11.2011,14:23:38 [FEHLER] Unbekannte Fehlernummer bei der Initialisierung der Engine.
27.11.2011,14:42:19 [INFO] ---------------------------------------------------------
27.11.2011,14:42:19 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
      [WARNUNG] Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden. Die Engine und VDF werden stattdessen von der Backup Kopie geladen.
27.11.2011,14:42:22 [FEHLER] Unbekannte Fehlernummer bei der Initialisierung der Engine.
27.11.2011,15:05:43 [INFO] ---------------------------------------------------------
27.11.2011,15:05:44 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet!
      [WARNUNG] Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden. Die Engine und VDF werden stattdessen von der Backup Kopie geladen.
27.11.2011,15:05:47 [FEHLER] Unbekannte Fehlernummer bei der Initialisierung der Engine.

What could have happened, and how can I fix it?

