Home » WLAN & Router Sicherheit sowie Konfiguration » Keine Internetverbindung / Antivir Inst schlug fehl / Absturz Gmer » Themenansicht
Keine Internetverbindung / Antivir Inst schlug fehl / Absturz Gmer |
||
|---|---|---|
| #0
| ||
|
25.02.2010, 20:30
Member
Beiträge: 42 |
||
 
|
|
|
|
25.02.2010, 23:02
Ehrenmitglied
 Beiträge: 6028 |
#2
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510 Update Malwarebytes' Anti-Malware Jetzt Datenbank Version: 3793 Wähle bei Reiter:“Scanner”>> Vollstaendigen Suchlauf durchführen __________ MfG Argus |
|
|
|
|
|
|
01.03.2010, 13:05
Member
Themenstarter Beiträge: 42 |
#3
So bin wieder aus dem Urlaub zurück! Moin zusammen! Die oben genannte Lösung lässt sich nicht verwirklichen, wie soll ich ein Update ziehen auf 3793, wenn ich mit dem Computer gar nicht erst online gehen kann. Finde ic dieses Update separat irgendwo, so dass ich es zusätzlich auf den nichtgehenden Laptop installieren kann???
|
|
|
|
|
|
|
01.03.2010, 14:56
Moderator
Beiträge: 5694 |
#4
Also dann wollen wir mal.
Schritt 1 Start->Ausführen - schreib rein: ipconfig /flushdns (beachte das Leerzeichen hinter ipconfig) Schritt 2 Kannst Du auf Deinem Computer alle Dateien und Datei-Endungen sehen? Falls nein, bitte diese Einstellungen in den Ordneroptionen vornehmen. Schritt 3 Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf einem USB Stick >Schliesse den Stick an den Problemrechner an und verschiebe OTL.exe auf dessen Desktop. >Dort bennene otl.exe in Test.com um. >Doppelklick auf die Test.com -->Vista User: Rechtsklick auf die Test.com und "als Administrator ausführen" wählen >Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output >Unter Extra Registry, wähle bitte Use SafeList >Klicke nun auf Run Scan links oben >Wenn der Scan beendet wurde werden 2 Logfiles erstellt >Poste die Logfiles in Code-Tags hier in den Thread. |
|
|
|
|
|
|
22.03.2010, 10:31
Member
Themenstarter Beiträge: 42 |
#5
Moin moin,
tut mir Leid das ich mich nicht abgemeldet habe. Wir waren für längere Zeit nicht am Rechner, leider besteht das Problem weiterhin! 1. ipconfig /flushdns wurde durchgeführt 2. scan mit OTL wurde durchgeführt, im Anschluß - Logfiles OTL Logfile --------------------------------------------------- OTL logfile created on: 22.03.2010 10:22:49 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Hutschep\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,42 Gb Total Space | 181,60 Gb Free Space | 82,02% Space Free | Partition Type: NTFS Drive D: | 11,46 Gb Total Space | 2,13 Gb Free Space | 18,57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 1,87 Gb Total Space | 0,51 Gb Free Space | 27,09% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HUTSCHEP-PC Current User Name: Hutschep Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\Hutschep\Desktop\Test.com.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - c:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - C:\Users\Hutschep\Desktop\Test.com.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (OA004Vid) -- C:\Windows\System32\drivers\OA004Vid.sys (Creative Technology Ltd.) DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (OA004Ufd) -- C:\Windows\System32\drivers\OA004Ufd.sys (Creative Technology Ltd.) DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=HP&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.01 13:07:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.01 13:07:03 | 000,000,000 | ---D | M] [2010.03.01 13:07:23 | 000,000,000 | ---D | M] -- C:\Users\Hutschep\AppData\Roaming\mozilla\Extensions [2010.03.01 13:16:02 | 000,000,000 | ---D | M] -- C:\Users\Hutschep\AppData\Roaming\mozilla\Firefox\Profiles\f1eunflg.default\extensions [2010.03.01 13:16:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hutschep\AppData\Roaming\mozilla\Firefox\Profiles\f1eunflg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.01 13:07:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Hutschep\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Hutschep\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2010.03.22 10:16:49 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Hutschep\Desktop\Test.com.exe [2010.03.22 10:16:06 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.03.01 21:15:17 | 000,000,000 | ---D | C] -- C:\PerfLogs [2010.03.01 14:21:37 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.03.01 14:21:37 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.03.01 14:21:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.03.01 14:21:17 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.03.01 14:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.03.01 13:07:11 | 000,000,000 | ---D | C] -- C:\Users\Hutschep\AppData\Roaming\Mozilla [2010.03.01 13:07:11 | 000,000,000 | ---D | C] -- C:\Users\Hutschep\AppData\Local\Mozilla [2010.03.01 13:07:00 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2010.02.25 20:14:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.02.25 19:49:52 | 000,000,000 | ---D | C] -- C:\Programme\HJT [2010.02.25 19:37:43 | 000,000,000 | ---D | C] -- C:\Windows\temp [2010.02.25 19:35:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2010.02.25 19:28:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.02.25 19:28:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.02.25 19:28:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.02.25 19:28:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.02.25 19:28:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.02.25 19:28:21 | 000,000,000 | ---D | C] -- C:\ComboFix [2010.02.25 19:27:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.02.25 19:11:57 | 000,000,000 | ---D | C] -- C:\Users\Hutschep\AppData\Roaming\Malwarebytes [2010.02.25 19:11:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.02.25 19:11:52 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.02.25 19:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.02.25 19:11:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.02.23 20:21:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.02.23 20:20:12 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2010.02.23 20:20:12 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2010.02.23 20:20:11 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2010.02.23 20:20:11 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2010.02.23 20:20:10 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2010.02.23 20:20:09 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe [2010.02.23 20:20:09 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll [2010.02.23 20:20:08 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2010.02.23 20:20:08 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2010.02.20 12:08:14 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2010.02.20 12:08:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2010.02.20 12:04:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.02.20 12:04:53 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.02.20 12:04:53 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.02.20 12:04:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.02.20 12:04:52 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.02.20 12:04:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.02.20 12:04:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.02.20 12:04:52 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.02.20 12:04:51 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.02.20 12:04:50 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.02.20 12:04:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.02.20 12:04:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.02.20 12:04:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.02.20 12:04:06 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll [2010.02.20 12:04:06 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll [2010.02.20 12:03:57 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2010.02.20 12:03:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll [2010.02.20 12:03:57 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2010.02.20 12:03:57 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2010.02.20 12:03:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2010.03.22 10:23:56 | 001,835,008 | -HS- | M] () -- C:\Users\Hutschep\NTUSER.DAT [2010.03.22 10:19:53 | 001,445,774 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.03.22 10:19:53 | 000,628,436 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.03.22 10:19:53 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.03.22 10:19:53 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.03.22 10:19:53 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.03.22 10:16:20 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2010.03.22 10:14:45 | 000,027,620 | ---- | M] () -- C:\Users\Hutschep\AppData\Roaming\nvModes.001 [2010.03.22 10:14:43 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2010.03.22 10:13:48 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.03.22 10:13:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.03.22 10:13:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.03.22 10:13:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.03.22 10:13:25 | 2079,227,904 | -HS- | M] () -- C:\hiberfil.sys [2010.03.22 10:11:04 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Hutschep\Desktop\Test.com.exe [2010.03.03 19:29:13 | 000,524,288 | -HS- | M] () -- C:\Users\Hutschep\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.03.03 19:29:13 | 000,065,536 | -HS- | M] () -- C:\Users\Hutschep\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.03.03 19:29:08 | 000,977,182 | -H-- | M] () -- C:\Users\Hutschep\AppData\Local\IconCache.db [2010.03.01 21:29:43 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest [2010.03.01 21:24:20 | 000,416,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.03.01 14:22:03 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.03.01 14:19:56 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll [2010.03.01 14:19:52 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll [2010.03.01 13:07:08 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.03.01 12:43:52 | 000,118,136 | ---- | M] () -- C:\Users\Hutschep\AppData\Local\GDIPFONTCACHEV1.DAT [2010.03.01 12:18:16 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini [2010.02.25 20:14:04 | 287,561,804 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.02.25 19:49:52 | 000,001,633 | ---- | M] () -- C:\Users\Hutschep\Desktop\HijackThis.lnk [2010.02.25 19:35:12 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.02.25 19:11:55 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2010.03.01 14:22:03 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.03.01 13:07:08 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.02.25 20:13:26 | 287,561,804 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.02.25 19:28:26 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe [2010.02.25 19:28:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.02.25 19:28:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.02.25 19:28:26 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.02.25 19:28:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.02.25 19:23:16 | 000,001,633 | ---- | C] () -- C:\Users\Hutschep\Desktop\HijackThis.lnk [2010.02.25 19:11:55 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009.01.12 18:14:57 | 000,019,658 | ---- | C] () -- C:\Users\Hutschep\AppData\Local\internal.grp [2009.01.12 18:02:16 | 000,000,204 | ---- | C] () -- C:\Windows\ulead32.ini [2008.12.29 17:21:19 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI [2008.10.23 17:10:27 | 000,007,268 | ---- | C] () -- C:\Users\Hutschep\AppData\Local\d3d9caps.dat [2008.08.20 22:28:33 | 000,000,096 | ---- | C] () -- C:\Users\Hutschep\AppData\Local\fusioncache.dat [2008.08.20 19:15:24 | 000,021,504 | ---- | C] () -- C:\Users\Hutschep\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.12 16:09:12 | 000,027,620 | ---- | C] () -- C:\Users\Hutschep\AppData\Roaming\nvModes.001 [2008.08.12 16:04:49 | 000,027,620 | ---- | C] () -- C:\Users\Hutschep\AppData\Roaming\nvModes.dat [2008.08.12 13:45:26 | 000,000,000 | ---- | C] () -- C:\Users\Hutschep\AppData\Local\QSwitch.txt [2008.08.12 13:45:26 | 000,000,000 | ---- | C] () -- C:\Users\Hutschep\AppData\Local\DSwitch.txt [2008.08.12 13:45:26 | 000,000,000 | ---- | C] () -- C:\Users\Hutschep\AppData\Local\AtStart.txt [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.09 23:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll < End of report > OTL EXTRA - Logfile -------------------------------- OTL Extras logfile created on: 22.03.2010 10:22:49 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Hutschep\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,42 Gb Total Space | 181,60 Gb Free Space | 82,02% Space Free | Partition Type: NTFS Drive D: | 11,46 Gb Total Space | 2,13 Gb Free Space | 18,57% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 1,87 Gb Total Space | 0,51 Gb Free Space | 27,09% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HUTSCHEP-PC Current User Name: Hutschep Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VLC Player\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VLC Player\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DefaultOutboundAction" = 0 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{726200FF-A3DD-48DB-A3FB-9B3A00E6DACE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C9DF11C4-604E-4E55-89FD-78F0DBA0399B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{DB9EDC4D-E17E-43D3-9A69-B2DCBC25E98A}" = lport=2869 | protocol=6 | dir=in | app=system | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{175CB745-ECA4-4749-91B4-622BB3C06AF6}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{1882ADE3-19AA-47E4-B12D-2D67027C16ED}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{1E0DB9C3-2099-44DC-9D18-5D2B170D89E1}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{4826F424-8685-4F85-936E-71344F02290A}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{5660E24C-0221-499A-9F13-D3C6E3721533}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{657C2FEA-D98A-442D-B166-D5E0B1DF1285}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{67D7CB42-C3A5-4FCB-AA0D-61CB8AC0D4D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{EFEBCD17-8BBC-435D-A87F-B71BA10F506B}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{FF6CF4D0-09DB-40D6-B838-2E7C38FA6DE1}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{2284D904-C138-4B58-93EC-5C362AB5130A}" = Die Sims™ Lebensgeschichten "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support "{2C4A5877-21D1-4A15-9D20-24BA54A24093}" = Playlist tool "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 D2 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6 "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}" = ESU for Microsoft Vista "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}" = Iomega Product Registration "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091 "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Creative OA004" = Integrated Webcam Driver (1.00.03.0720) "ENTERPRISE" = Microsoft Office Enterprise 2007 "Gehirnjogging - Special Edition" = Gehirnjogging - Special Edition "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "NVIDIA Drivers" = NVIDIA Drivers "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 0.9.8a "WildTangent hp Master Uninstall" = My HP Games "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "WinRAR archiver" = WinRAR [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 25.02.2010 15:26:24 | Computer Name = Hutschep-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\Hutschep\AppData\Local\Temp\RarSFX0\basic\setup.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 01.03.2010 07:12:15 | Computer Name = Hutschep-PC | Source = WerSvc | ID = 5007 Description = Error - 01.03.2010 08:28:01 | Computer Name = Hutschep-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 01.03.2010 08:32:58 | Computer Name = Hutschep-PC | Source = WerSvc | ID = 5007 Description = Error - 01.03.2010 09:01:03 | Computer Name = Hutschep-PC | Source = VSS | ID = 12305 Description = Error - 01.03.2010 09:01:03 | Computer Name = Hutschep-PC | Source = VSS | ID = 12293 Description = Error - 01.03.2010 09:01:05 | Computer Name = Hutschep-PC | Source = VSS | ID = 8194 Description = Error - 01.03.2010 16:21:34 | Computer Name = Hutschep-PC | Source = WerSvc | ID = 5007 Description = Error - 01.03.2010 16:31:37 | Computer Name = Hutschep-PC | Source = ESENT | ID = 215 Description = WinMail (3796) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 01.03.2010 16:32:40 | Computer Name = Hutschep-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ OSession Events ] Error - 25.08.2008 12:41:36 | Computer Name = Hutschep-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 801 seconds with 780 seconds of active time. This session ended with a crash. [ TuneUp Events ] Error - 25.02.2010 14:11:56 | Computer Name = Hutschep-PC | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-25 19:11:56', '\device\harddiskvolume1\program files\malwarebytes' anti-malware\mbam.exe','3068',0) < End of report > |
|
|
|
|
|
|
22.03.2010, 10:39
Member
Themenstarter Beiträge: 42 |
#6
Ich habe soeben nochmal die Windows Netzwerkdiagnose ausgeführt, auf dem Laptop der auf den Router zugreifen soll, um ins Internet zukommen. Dabei erschien zum erstenmal die Info:
"www.microsoft.com" ist nicht eingerichtet, eine Verbindung auf Port "World Wide Web-Dienst (HTTP) mit diesem Computer einzugehen. Es wurde ein Problem ermittelt, das nicht automatisch behoben werden kann ... |
|
|
|
|
|
|
22.03.2010, 10:43
Moderator
Beiträge: 5694 |
#7
Hallo
Geht dann nur WLAN nicht oder auch mittels Kabel nicht? Schritt 1 Rootkitscan mit RootRepeal • Gehe hierhin, scrolle runter und downloade RootRepeal.zip. • Kopier die Datei wieder auf den USB Stick und dann auf den Desktop des PC's. • Entpacke die Datei auf Deinen Desktop. • Doppelklicke die RootRepeal.exe, um den Scanner zu starten. • Klicke auf den Reiter Report und dann auf den Button Scan. • Mache einen Haken bei den folgenden Elementen und klicke Ok. . Drivers Files Processes SSDT Stealth Objects Hidden Services Shadow SSDT . • Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen. • Wähle C:\ und klicke wieder Ok. • Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld. • Wenn der Suchlauf beendet ist, klicke auf Save Report. • Speichere das Logfile als RootRepeal.txt auf dem Desktop. • Kopiere den Inhalt hier in den Thread. Schritt 2 Partition mit chkdsk überprüfen und reparieren (Vista) Doppelklick auf "Computer" auf dem Desktop => Rechtsklick auf das Laufwerk D: => Eigenschaften => Tools => Fehlerüberprüfung => Jetzt prüfen => Fortsetzen => beide Option anhaken => Starten => Datenträgerüberprüfung planen. Rechner neu starten und anschließend am Rechner nichts machen, bis er fertig mit dem Scan ist. Das windowsintere Tool chkdsk überprüft die Festplatte und behebt etwaige Fehler. |
|
|
|
|
|
|
22.03.2010, 11:09
Member
Themenstarter Beiträge: 42 |
#8
Es funktioniert beides nicht! Bin gerade dabei Schritt 1 durchzuführen. Kann ich während des SCANS aus Schritt 1 auch Schritt 2 im Hintergrund laufen lassen???
|
|
|
|
|
|
|
22.03.2010, 11:19
Moderator
Beiträge: 5694 |
#9
Nein das solltest Du nie zwei Schritte auf einmal durchführen.
|
|
|
|
|
|
|
22.03.2010, 11:26
Member
Themenstarter Beiträge: 42 |
#10
Hier schon mal das Logfile von RootRepeal. Bin jetzt dabei den 2. Schritt laufen zulassen!
ROOTREPEAL (c) AD, 2007-2009 ================================================== Scan Start Time: 2010/03/22 11:06 Program Version: Version 1.3.5.0 Windows Version: Windows Vista SP1 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\Windows\System32\Drivers\dump_atapi.sys Address: 0x90250000 Size: 32768 File Visible: No Signed: - Status: - Name: dump_dumpata.sys Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys Address: 0x90245000 Size: 45056 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\Windows\system32\drivers\rootrepeal.sys Address: 0x9B9C8000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: C:\System Volume Information\{77e782a7-252d-11df-81e0-001e68690aaf}{3808876b-c176-4e48-b7ae-04046e6cc752} Status: Locked to the Windows API! Path: c:\programdata\symantec\liveupdate\2010-03-22_log.aluschedulersvc.liveupdate Status: Allocation size mismatch (API: 4096, Raw: 0) Path: C:\Windows\System32\wbem\PRINTF~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6000.16720_none_a7f9fcdcd724c803\JSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6000.20883_none_91321380f0c70cf6\JSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18000_none_a7d3f834d777a15b\JSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.18111_none_a7d4e192d776d4a4\JSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_jsc_b03f5f7f11d50a3a_6.0.6001.22230_none_9109522ef11c4db7\JSCEXE~1.CON Status: Locked to the Windows API! Path: C:\Windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6000.16720_de-de_65722c179a7be658\MSCORL~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fdphost_31bf3856ad364e35_6.0.6000.16386_none_796181ee71814389\$$DeleteMe.fdPHost.dll.01cab97c30b59410.00d2 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fdssdp_31bf3856ad364e35_6.0.6000.16386_none_38a7309b7753508d\$$DeleteMe.fdSSDP.dll.01cab97c166520d0.0084 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fdwsd_31bf3856ad364e35_6.0.6000.16386_none_7b71c177c53ac7c1\$$DeleteMe.fdWSD.dll.01cab97c3bf5d3d0.00fa Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.0.6000.16386_none_79adacdc3df77f81\$$DeleteMe.fundisc.dll.01cab97c0df3c050.0067 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.0.6000.16386_none_318fc418263bf156\$$DeleteMe.pcadm.dll.01cab97c41fc4ed0.0112 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.0.6000.16386_none_318fc418263bf156\$$DeleteMe.pcasvc.dll.01cab97c26e186b0.00b7 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_d2da41c24fcec5ef\$$DeleteMe.apphelp.dll.01cab97c3c1002f0.00fc Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-a..terface-ldapc-layer_31bf3856ad364e35_6.0.6000.16386_none_5cfbb23d699248a8\$$DeleteMe.adsldpc.dll.01cab97c0dd26d10.0066 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-activexproxy_31bf3856ad364e35_6.0.6000.16386_none_0fd77173ed5f45c2\$$DeleteMe.actxprxy.dll.01cab97bf9ac2970.0026 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.0.6000.16386_de-de_6d61e03ec50bd2fe\$$DeleteMe.advapi32.dll.mui.01cab97c5d78af50.0134 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6000.16386_none_e1118fae8996a7dc\$$DeleteMe.advapi32.dll.01cab97bff61b5b0.0036 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-a..dcredentialprovider_31bf3856ad364e35_6.0.6000.16386_none_3fd3e2bdc5a2408e\$$DeleteMe.SmartcardCredentialProvider.dll.01cab97c2bb02d90.00c4 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\$$DeleteMe.atl.dll.01cab97c2c69d8d0.00c6 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.0.6000.16386_none_b3a8fa3e54c50ab3\$$DeleteMe.winmm.dll.01cab97c34512990.00db Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.16513_none_0a056d7cf846bbd5\$$DeleteMe.authui.dll.01cab97c25d229f0.00b0 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6000.16386_none_635c5092764d99de\$$DeleteMe.LogonUI.exe.01cab97c24235110.00a8 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_de-de_745a31c73a27ddfc\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_el-gr_1cf05f5a293d468a\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_en-us_1d4b07c02905e9c1\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_es-es_1d1664a4292cdb66\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_fi-fi_bc3169511e46cd90\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_bfcddaa31bfef1c8\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_it-it_a9f5d0e9f330d746\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_ja-jp_4c1b4ff6e64be921\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_ko-kr_ef852cabd8bcb037\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_nb-no_d817ade0b0e1dbf3\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_d656f91eb20de5c8\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_pl-pl_1c9353a09730537c\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_pt-br_1ee73e4495b9e760\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_ru-ru_666c1f747a0ae568\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_sv-se_026709e97133efc3\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_tr-tr_ab7454305feff1b4\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_zh-cn_7cd1722e1027c3d3\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_zh-hk_7b7c6abc11033663\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_80cdaf840d98a043\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_el-gr_b6847fa14b5b0313\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_en-us_b6df28074b23a64a\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_es-es_b6aa84eb4b4a97ef\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_fi-fi_55c5899840648a19\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_5961faea3e1cae51\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_hu-hu_a0d27b32227c7d6d\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_it-it_4389f131154e93cf\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_hu-hu_073e5aeb005ec0e4\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..ager-pcat.resources_31bf3856ad364e35_6.0.6000.16386_pt-pt_1fc90db09529573c\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_de-de_0dee520e5c459a85\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_ja-jp_e5af703e0869a5aa\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_ko-kr_89194cf2fada6cc0\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_nb-no_71abce27d2ff987c\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_6feb1965d42ba251\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_pl-pl_b62773e7b94e1005\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_pt-br_b87b5e8bb7d7a3e9\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_pt-pt_b95d2df7b74713c5\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_ru-ru_00003fbb9c28a1f1\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_tr-tr_45087477820dae3d\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_zh-cn_166592753245805c\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_zh-hk_15108b033320f2ec\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-b..nment-pxe.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_1a61cfcb2fb65ccc\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\$$DeleteMe.bcrypt.dll.01cab97c0224ae10.003b Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\$$DeleteMe.qmgr.dll.01cab97c1d0fdab0.0099 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-browserservice_31bf3856ad364e35_6.0.6000.16386_none_76b264bda1136499\$$DeleteMe.browser.dll.01cab97c0c663ab0.0061 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-bits-igdsearcher_31bf3856ad364e35_6.0.6000.16386_none_af357b0d92153e84\$$DeleteMe.bitsigd.dll.01cab97c19a64210.008f Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.0.6000.16386_none_047d4bceda254122\$$DeleteMe.Query.dll.01cab97c1c621650.0095 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-c..rformance-xperfcore_31bf3856ad364e35_6.0.6000.16386_none_d4dab19871ad5771\$$DeleteMe.diagperf.dll.01cab97c44e2fbd0.0117 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-cabinet_31bf3856ad364e35_6.0.6000.16386_none_35088f20e500a372\$$DeleteMe.cabinet.dll.01cab97c363460b0.00e0 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.0.6000.16386_none_d546f3803fbc7752\$$DeleteMe.certcli.dll.01cab97c0f3e9f70.006b Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-cbsapi_31bf3856ad364e35_6.0.6000.16386_none_4c2b1119f37be620\$$DeleteMe.CbsApi.dll.01cab97c65f5f6b0.0139 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6000.16386_none_a797884c5d9fcdc5\$$DeleteMe.cmiv2.dll.01cab97c556b4890.012e Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6000.16470_none_2320546141637f8f\$$DeleteMe.imagehlp.dll.01cab97c3d7c3550.0102 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.0.6000.16470_none_2320546141637f8f\$$DeleteMe.wmi.dll.01cab97c39b82870.00ed Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23\$$DeleteMe.cfgmgr32.dll.01cab97c1d3ab370.009a Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6000.16609_none_75246f2a2fbd4c23\$$DeleteMe.umpnpmgr.dll.01cab97c3ef44e90.0108 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6000.16386_none_d9008ac592026334\$$DeleteMe.credui.dll.01cab97bf505f9f0.0011 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-cryptdll-dll_31bf3856ad364e35_6.0.6000.16386_none_0367c3eab0da6051\$$DeleteMe.cryptdll.dll.01cab97c26b90f50.00b5 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-cryptui-dll_31bf3856ad364e35_6.0.6000.16386_none_83b799629b384243\$$DeleteMe.cryptui.dll.01cab97c2305ac10.00a6 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230\$$DeleteMe.crypt32.dll.01cab97c2e4d0ff0.00cd Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.0.6000.16386_none_14e27f1dfeeaa870\$$DeleteMe.cryptnet.dll.01cab97c1bf235b0.0092 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\$$DeleteMe.cryptsvc.dll.01cab97c1273d9d0.0075 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-csrsrv_31bf3856ad364e35_6.0.6000.16445_none_c77ab655a8530501\$$DeleteMe.csrsrv.dll.01cab97beaa31a10.000a Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6000.16386_none_56ad21dbe72a9d78\$$DeleteMe.csrss.exe.01cab97bea6ebbd0.0008 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_6.0.6000.16386_none_39c1f98787f99c82\$$DeleteMe.dssenh.dll.01cab97c44bce5d0.0116 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_el-gr_9c85d8321884ca1a\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_en-us_9ce08098184d6d51\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_es-es_9cabdd7c18745ef6\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_fi-fi_3bc6e2290d8e5120\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_3f63537b0b467558\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_hu-hu_86d3d3c2efa64474\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_it-it_298b49c1e2785ad6\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_de-de_f3efaa9f296f618c\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_ja-jp_cbb0c8ced5936cb1\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_sv-se_81fc82c1607b7353\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6000.16386_none_9adace8ff858851e\$$DeleteMe.WUDFHost.exe.01cab97c4778ba10.011c Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6000.16386_none_9adace8ff858851e\$$DeleteMe.WUDFPlatform.dll.01cab97c14929350.007f Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6000.16386_none_9adace8ff858851e\$$DeleteMe.WUDFSvc.dll.01cab97bfd4c81b0.002f Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.0.6000.16386_none_9adace8ff858851e\$$DeleteMe.WUDFx.dll.01cab97c0c9a98f0.0062 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_ko-kr_6f1aa583c80433c7\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_nb-no_57ad26b8a0295f83\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_nl-nl_55ec71f6a1556958\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_pl-pl_9c28cc788677d70c\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_pt-br_9e7cb71c85016af0\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_pt-pt_9f5e86888470dacc\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_ru-ru_e601984c695268f8\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_tr-tr_2b09cd084f377544\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_zh-cn_fc66eb05ff6f4763\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_zh-hk_fb11e394004ab9f3\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..files-x64.resources_31bf3856ad364e35_6.0.6000.16386_zh-tw_0063285bfce023d3\BOOTMG~1.MUI Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6000.16386_none_cca68469f44b4003\$$DeleteMe.ntdsapi.dll.01cab97c08db4ed0.0050 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6000.16386_none_8b6cd218c046ea63\$$DeleteMe.uxsms.dll.01cab97c3d9fe9f0.0103 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-d..txvideoacceleration_31bf3856ad364e35_6.0.6000.16386_none_699df0924547df44\$$DeleteMe.dxva2.dll.01cab97c348a4a90.00dc Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16609_none_68015a2337d92e69\$$DeleteMe.dpx.dll.01cab97c26d59fd0.00b6 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-deltacompressionengine_31bf3856ad364e35_6.0.6000.16386_none_3df5a61c88d408ee\$$DeleteMe.mspatcha.dll.01cab97bf9d70230.0027 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\$$DeleteMe.dhcpcsvc.dll.01c9a67b386b0045.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16512_none_d56b19bc316f9001\$$DeleteMe.dhcpcsvc6.dll.01c9a67b38d87f57.0002 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-dims_31bf3856ad364e35_6.0.6000.16386_none_a74c11b71e09911f\$$DeleteMe.dimsjob.dll.01cab97c376e9630.00e5 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6000.16386_none_afb79761a4097d90\$$DeleteMe.samlib.dll.01cab97c1c02df50.0093 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6000.16386_none_afb79761a4097d90\$$DeleteMe.samsrv.dll.01cab97bfdc12510.0030 Status: Locked to the Windows API! Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1172 Status: Locked to the Windows API! SSDT ------------------- #: 021 Function Name: NtAlpcConnectPort Status: Hooked by "<unknown>" at address 0x86f30408 #: 078 Function Name: NtCreateThread Status: Hooked by "<unknown>" at address 0x9b72b444 #: 194 Function Name: NtOpenProcess Status: Hooked by "<unknown>" at address 0x9b72b430 #: 201 Function Name: NtOpenThread Status: Hooked by "<unknown>" at address 0x9b72b435 #: 334 Function Name: NtTerminateProcess Status: Hooked by "<unknown>" at address 0x9b72b43f ==EOF== |
|
|
|
|
|
|
22.03.2010, 11:36
Moderator
Beiträge: 5694 |
#11
Mach danach bitte noch folgendes:
Schritt 1 START --> Ausführen --> gib ein: CMD Dann gib ein ipconfig /all und kopiere es wie hier beschrieben Schritt 2 START --> Ausführen --> gib ein: CMD Dann gib ein Zitat ping 192.168.1.1--> Enter Das gleiche mit: Zitat tracert google.de(eingeben bei CMD) Berichte wie viele Pakete ankommen. |
|
|
|
|
|
|
22.03.2010, 11:37
Member
Themenstarter Beiträge: 42 |
#12
So Schritt 2 war auch erfolgreich und es sind keine Fehler aufgetreten!
|
|
|
|
|
|
|
22.03.2010, 11:53
Moderator
Beiträge: 5694 |
#13
Post bereits oben
|
|
|
|
|
|
|
22.03.2010, 12:25
Member
Themenstarter Beiträge: 42 |
#14
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten. C:\Users\Hutschep>ping 192.168.1.1 Ping wird ausgeführt für 192.168.1.1 mit 32 Bytes Daten: Zeitüberschreitung der Anforderung. Zeitüberschreitung der Anforderung. Zeitüberschreitung der Anforderung. Zeitüberschreitung der Anforderung. Ping-Statistik für 192.168.1.1: Pakete: Gesendet = 4, Empfangen = 0, Verloren = 4 (100% Verlust), C:\Users\Hutschep>tracert google.de Routenverfolgung zu google.de [209.85.229.104] über maximal 30 Abschnitte: 1 1 ms <1 ms 1 ms speedport.ip [192.168.2.1] 2 57 ms * * 217.0.116.15 3 59 ms 57 ms 55 ms 217.0.65.2 4 60 ms 60 ms 60 ms b-ea6-i.B.DE.NET.DTAG.DE [62.154.46.150] 5 62 ms 61 ms 64 ms 194.25.211.30 6 64 ms 64 ms 61 ms 209.85.249.182 7 71 ms 75 ms 70 ms 216.239.48.4 8 79 ms 77 ms 78 ms 216.239.43.127 9 76 ms 78 ms 78 ms 64.233.175.247 10 77 ms 80 ms 77 ms 72.14.232.130 11 79 ms 82 ms 78 ms 209.85.252.83 12 * * * Zeitüberschreitung der Anforderung. 13 80 ms 84 ms 80 ms ww-in-f104.1e100.net [209.85.229.104] Ablaufverfolgung beendet. C:\Users\Hutschep>ipconfig /all Windows-IP-Konfiguration Hostname . . . . . . . . . . . . : Hutschep-PC Primäres DNS-Suffix . . . . . . . : Knotentyp . . . . . . . . . . . . : Hybrid IP-Routing aktiviert . . . . . . : Nein WINS-Proxy aktiviert . . . . . . : Nein DNS-Suffixsuchliste . . . . . . . : Speedport_W_502V_Typ_A Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung: Verbindungsspezifisches DNS-Suffix: Speedport_W_502V_Typ_A Beschreibung. . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter Physikalische Adresse . . . . . . : 00-1F-E1-5B-D8-3B DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja IPv4-Adresse . . . . . . . . . . : 192.168.2.100(Bevorzugt) Subnetzmaske . . . . . . . . . . : 255.255.255.0 Lease erhalten. . . . . . . . . . : Montag, 22. März 2010 11:36:00 Lease läuft ab. . . . . . . . . . : Freitag, 26. März 2010 11:36:00 Standardgateway . . . . . . . . . : 192.168.2.1 DHCP-Server . . . . . . . . . . . : 192.168.2.1 DNS-Server . . . . . . . . . . . : 192.168.2.1 NetBIOS über TCP/IP . . . . . . . : Aktiviert Ethernet-Adapter LAN-Verbindung: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Speedport_W_502V_Typ_A Beschreibung. . . . . . . . . . . : NVIDIA nForce Networking Controller Physikalische Adresse . . . . . . : 00-1E-68-69-0A-AF DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Tunneladapter LAN-Verbindung*: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Speedport_W_502V_Typ_A Beschreibung. . . . . . . . . . . : isatap.Speedport_W_502V_Typ_A Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja Tunneladapter LAN-Verbindung* 5: Medienstatus. . . . . . . . . . . : Medium getrennt Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : 6TO4 Adapter Physikalische Adresse . . . . . . : 00-00-00-00-00-00-00-E0 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja Tunneladapter LAN-Verbindung* 9: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physikalische Adresse . . . . . . : 02-00-54-55-4E-01 DHCP aktiviert. . . . . . . . . . : Nein Autokonfiguration aktiviert . . . : Ja IPv6-Adresse. . . . . . . . . . . : 2001:0:5ef5:73bc:18c0:32a4:3f57:fd9b(Bevo rzugt) Verbindungslokale IPv6-Adresse . : fe80::18c0:32a4:3f57:fd9b%11(Bevorzugt) Standardgateway . . . . . . . . . : :: NetBIOS über TCP/IP . . . . . . . : Deaktiviert C:\Users\Hutschep> |
|
|
|
|
|
|
22.03.2010, 12:57
Moderator
Beiträge: 5694 |
#15
ICh weiss nicht ob es damit zu tun hat:
Zitat IP-Routing aktiviert . . . . . . : NeinWerde den Beitrag vorübergehend einmal verschieben. Da können die Experten die IPCONFIG durschauen. Evtl kommt dabei etwas raus. |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
ich habe den schwerwiegenden Verdacht von Schädlingen auf meinem Computer. Ich kann mit meinem Computer schon seit längere Zeit nicht mehr ins Internet, obwohl eine Verbindung via WLAN steht. Des weiteren weist mich Windows darauf hin, dass keine Antivirensoftware installiert ist, welche ich aber installiert hatte. Sie ist auch nicht mehr aufzufinden. Aus diesem Grund wollte ich Antivir installieren, dies schlug jedoch fehl! Somit begab ich mich an den Home PC, um ins Internet zu gelangen und mir die entsprechende Software, wie HJT, Malwarebyte, Combofix, Gmer zu downloaden und zu installieren. Bei Gmer stürzte mein Computer ab! Die restlichen Programme erstellten Log-Dateien, wie unten angehangen.
Mein Betriebssystem liegt auf C: des weiteren habe ich eine Partition Laufwerk D: . Dieses Laufwerk hat eine Größe von 11 GB und dient als Recovery. Dort befindet sich ein namens "preload" mit einer Kapazität von 9 GB, ist das normal???
Ausserdem möchte Windows laufend Updates ausführen. Nachdem ich einen Blick in die Updateliste gewagt hatte, stellte ic zu meiner Verwunderung fest, dass angeblich 12 Updates (9 optionale) zu installieren wären, jedoch ist keines sichtbar und ich kann keines anwählen, da dieser Bildschirm weiß bleibt.
Ausserdem ist es mir nicht möglich, einen Wiederherstellungspunkt auszuwählen, um das System zurückzusetzen, obwohl mir TUNE UP anzeigt, dass ich 25 GB (!!!) and Wiederhesrstellungspunkte habe!
Malwarebyte:
----------------------------------------
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3510
Windows 6.0.6000
Internet Explorer 7.0.6000.16982
25.02.2010 19:26:26
mbam-log-2010-02-25 (19-26-26).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 99274
Laufzeit: 4 minute(s), 51 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
HJT
---------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:02, on 25.02.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=HP&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A27B9BC-75DC-42C6-A38C-1C2B8F3A78E5}: NameServer = 192.168.2.1,194.25.2.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A27B9BC-75DC-42C6-A38C-1C2B8F3A78E5}: NameServer = 192.168.2.1,194.25.2.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{0A27B9BC-75DC-42C6-A38C-1C2B8F3A78E5}: NameServer = 192.168.2.1,194.25.2.129
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5947 bytes
Combofix
---------------------------
ComboFix 10-02-24.03 - Hutschep 25.02.2010 19:29:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.1982.966 [GMT 1:00]
ausgeführt von:: f:\download\ComboFix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3278461948-276591668-3184260402-500
c:\$recycle.bin\S-1-5-21-4216979340-3896114504-1173513286-500
c:\windows\system32\KBL.LOG
.
((((((((((((((((((((((( Dateien erstellt von 2010-01-25 bis 2010-02-25 ))))))))))))))))))))))))))))))
.
2010-02-25 18:34 . 2010-02-25 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-25 18:11 . 2010-02-25 18:11 -------- d-----w- c:\users\Hutschep\AppData\Roaming\Malwarebytes
2010-02-25 18:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 18:11 . 2010-02-25 18:11 -------- d-----w- c:\programdata\Malwarebytes
2010-02-25 18:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-25 18:11 . 2010-02-25 18:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-20 11:08 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 11:08 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-20 11:08 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 11:03 . 2009-12-28 12:36 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-20 11:03 . 2009-12-28 12:35 1327616 ----a-w- c:\windows\system32\quartz.dll
2010-02-20 11:03 . 2009-12-28 12:34 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-20 11:03 . 2009-12-28 12:34 31232 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-20 11:03 . 2009-12-28 12:34 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-20 11:03 . 2009-12-28 12:33 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-20 11:03 . 2009-12-28 12:32 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-20 11:03 . 2009-12-28 12:30 88576 ----a-w- c:\windows\system32\avifil32.dll
2010-02-20 11:03 . 2009-12-28 12:34 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-20 11:03 . 2009-12-28 12:30 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-20 11:03 . 2009-12-04 16:27 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-20 11:03 . 2009-12-04 16:27 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 17:37 . 2007-11-07 00:17 651350 ----a-w- c:\windows\system32\perfh007.dat
2010-02-25 17:37 . 2007-11-07 00:17 121114 ----a-w- c:\windows\system32\perfc007.dat
2010-02-24 08:16 . 2009-10-09 18:02 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 11:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-20 11:09 . 2007-11-06 17:07 -------- d-----w- c:\programdata\Microsoft Help
2010-01-24 18:36 . 2008-10-23 16:10 7268 ----a-w- c:\users\Hutschep\AppData\Local\d3d9caps.dat
2010-01-12 20:28 . 2010-01-12 20:28 40960 ----a-r- c:\users\Hutschep\AppData\Roaming\Microsoft\Installer\{90FF23FE-0E1B-40DF-A22E-B4C0372E5936}\ARPPRODUCTICON.exe
2010-01-12 20:28 . 2009-12-09 13:04 -------- d-----w- c:\program files\Iomega
2009-12-18 12:52 . 2010-02-20 11:04 832512 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 12:48 . 2010-02-20 11:04 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-12-18 12:48 . 2010-02-20 11:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 12:48 . 2010-02-20 11:04 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-12-18 12:46 . 2010-02-20 11:04 72704 ----a-w- c:\windows\system32\admparse.dll
2009-12-18 10:18 . 2010-02-20 11:04 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-18 08:45 . 2010-02-20 11:04 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-12-11 12:15 . 2010-02-20 11:04 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:15 . 2010-02-20 11:04 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-09 13:06 . 2009-12-09 13:06 40960 ----a-r- c:\users\Hutschep\AppData\Roaming\Microsoft\Installer\{2C4A5877-21D1-4A15-9D20-24BA54A24093}\NewShortcut1_37AAFC8E02884C139BF635C30B25DC6C.exe
2009-12-09 13:06 . 2009-12-09 13:06 10134 ----a-r- c:\users\Hutschep\AppData\Roaming\Microsoft\Installer\{2C4A5877-21D1-4A15-9D20-24BA54A24093}\ARPPRODUCTICON.exe
2009-12-08 20:19 . 2010-02-20 11:04 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2009-12-08 17:58 . 2010-02-20 11:04 813568 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 17:57 . 2010-02-20 11:04 22016 ----a-w- c:\windows\system32\netiougc.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-02 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-06 1006264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 15:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 15:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-07-12 03:00 132496 ----a-w- c:\program files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 14:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [03.06.2008 08:30 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [17.07.2008 16:01 269760]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [13.06.2008 13:13 41008]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
2010-02-25 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 18:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=HP&pf=laptop
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0A27B9BC-75DC-42C6-A38C-1C2B8F3A78E5} = 192.168.2.1,194.25.2.129
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 19:35
Windows 6.0.6000 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(1504)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Zeit der Fertigstellung: 2010-02-25 19:37:41
ComboFix-quarantined-files.txt 2010-02-25 18:37
Vor Suchlauf: 6 Verzeichnis(se), 162.278.195.200 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 162.352.275.456 Bytes frei
- - End Of File - - FDCC6EA54A25ACBE6164DB141617397D
Unistall list
----------------------------
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Reader 8.1.0 - Deutsch
Adobe Shockwave Player
Atheros Driver Installation Program
Compatibility Pack für 2007 Office System
Conexant HD Audio
CyberLink YouCam
Die Sims™ Lebensgeschichten
DVD Suite
EA Link
ESU for Microsoft Vista
Gehirnjogging - Special Edition
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.30 D2
HP Total Care Advisor
HP Update
HP User Guides 0091
HP Wireless Assistant
Integrated Webcam Driver (1.00.03.0720)
Iomega Product Registration
Java(TM) 6 Update 2
LabelPrint
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NetWaiting
NVIDIA Drivers
Pizza Connection 2
Playlist tool
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.4
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Windows Media Encoder (KB954156)
SymNet
Synaptics Pointing Device Driver
TuneUp Utilities 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VLC media player 0.9.8a
Windows Live Messenger
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe
WinRAR