Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden!

TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden!


Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 14.09.2012, 11:45   #1
sleepyweasel
 
TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden! - Standard

TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden!


Moin!
Heute hat mir Antivir diesen Virus angezeigt. Ich habe ihn nun erstmal mit Antivir in Quarantäne verschoben, denke aber mal damit ist es nicht getan...

Ich arbeite jetzt einfach mal die Checkliste für die Erstellung eines neuen Threads ab:
- Scan mit Defogger ist fertig --> Soll ich die defogger_disable hier posten?
- Scan mit OTL ist fertig:

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 14.09.2012 12:15:39 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,35 Gb Available Physical Memory | 79,57% Memory free
15,96 Gb Paging File | 14,22 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 825,78 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
Drive D: | 3,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARTINPC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.14 11:57:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.09.09 19:05:27 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.28 12:01:11 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.01 19:31:55 | 000,468,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.08.01 19:31:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.08 12:57:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 12:57:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.09 19:05:27 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.08.28 12:01:11 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 19:05:27 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.08.28 12:01:11 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.21 14:00:08 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.08 12:57:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 12:57:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.19 23:23:31 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.08 12:57:24 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 12:57:24 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.09 13:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2001.08.25 16:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 CF 8F 88 77 4A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 19:05:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 03:45:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012.04.07 17:30:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2012.06.13 03:45:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 19:05:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 03:45:22 | 000,000,000 | ---D | M]
 
[2012.02.05 21:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.02.05 21:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012.07.19 23:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uvboszqi.default\extensions
[2011.12.18 17:40:31 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uvboszqi.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.19 23:24:37 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uvboszqi.default\extensions\DTToolbar@toolbarnet.com
[2012.02.05 21:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Sunbird\Profiles\dtoqbpdp.default\extensions
[2012.08.18 12:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.25 13:39:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.09 19:05:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 19:05:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C2B7F02-E533-4B9D-BD6A-1356CA2414D4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{838F2331-10FD-4704-8961-7D92E12789A0}: DhcpNameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{982576BE-7630-44BB-8C3B-0386A1B81C18}: DhcpNameServer = 213.191.92.86 62.109.123.7
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.08.14 02:30:58 | 000,402,696 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.09.02 05:03:53 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007.09.02 05:04:16 | 004,891,648 | R--- | M] () - D:\autorun.dat -- [ UDF ]
O32 - AutoRun File - [2007.09.02 04:56:37 | 000,000,136 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{11663e0d-39e6-11e1-854c-f6b73270862b}\Shell - "" = AutoRun
O33 - MountPoints2\{11663e0d-39e6-11e1-854c-f6b73270862b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{5ba942c7-28b0-11e1-8df1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5ba942c7-28b0-11e1-8df1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007.08.14 02:30:58 | 000,402,696 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.14 12:04:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{2F73AAD5-70DE-44FB-BCE3-276B9D0E69B6}
[2012.09.14 11:56:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.13 13:34:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C2DCD141-3CF7-46F8-831F-8FBE735276C5}
[2012.09.13 00:27:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{D1000EC5-A7D0-4C72-BD1C-24B124A4470B}
[2012.09.12 12:02:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AAEF56A9-C161-40B3-8BC9-BE355D4574F2}
[2012.09.11 17:18:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E0EB9003-37C1-4DB2-9B04-69A2918D8124}
[2012.09.10 19:51:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B6F4EAE5-8B71-428F-A1E6-F024FACEC3EF}
[2012.09.09 16:13:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Sparkasse
[2012.09.09 14:19:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A728389A-0A41-4431-9810-33C1106E8D8F}
[2012.09.08 17:02:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{78CF47A2-4CFB-4FB1-B499-0BAE466BC389}
[2012.09.08 02:00:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{62EFEDAD-4042-4341-A641-0F9C525B1BEC}
[2012.09.06 16:05:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{40342085-6A35-4615-9EFB-0D6C5A1605D1}
[2012.09.06 02:20:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E18E282F-896F-4E24-85B7-8D3C7C4DBE1E}
[2012.09.04 23:08:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{9987C7E1-70B3-40C5-86DB-1B599407B212}
[2012.09.04 09:32:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C232204D-B7D6-458A-AED8-06644A38C016}
[2012.09.03 15:08:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{F9442EBC-3E4E-46DA-BD7D-F1374F761FF8}
[2012.09.03 12:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.09.03 12:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.09.02 11:59:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{4B516E3B-ADB2-481A-B85C-7FCBA00B9955}
[2012.09.01 17:56:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5C19D1AC-ECAB-4DB5-9C0D-6862613AC7B3}
[2012.09.01 17:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.08.31 13:28:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{AD61A045-7615-42C6-8D79-06CCFD720F8A}
[2012.08.30 09:05:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{C43BE9D8-2C82-49C1-9DAD-3FB16E7552C0}
[2012.08.29 12:43:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{463EDA41-5AF0-46E8-8184-D89EC1E25187}
[2012.08.28 14:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Olel
[2012.08.28 14:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nipya
[2012.08.28 12:01:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FBE46101-AD61-4037-892E-ED25F38AB0C6}
[2012.08.26 16:50:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{EE4C71DE-4BE8-4214-A740-5E40AE1E9191}
[2012.08.24 12:50:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8A25A33A-F589-41DA-A784-105AF5362A45}
[2012.08.22 10:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoC 1.0e Patch
[2012.08.21 12:07:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{50E20E13-A412-4BBB-82B6-7F21E0FFFD27}
[2012.08.20 12:48:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.08.20 12:46:18 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2012.08.20 12:45:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\gegl-0.0
[2012.08.20 12:45:31 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.6
[2012.08.19 16:12:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{96A42FD6-29CA-484F-9279-0F50E217C071}
[2012.08.19 11:51:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6F8DB249-4D3C-4FE8-8281-1DC6252C70B8}
[2012.08.18 01:29:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{8FC7E11B-78BC-4E45-B3EA-E517AC0AA9B5}
[2012.08.16 12:28:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{E3E67CB6-3B80-4974-9553-90207114F327}
[2012.08.16 12:28:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{59DFEA1D-87DB-4F86-9D40-FD00219F60C1}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.14 12:14:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.09.14 12:13:36 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.14 11:57:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.14 11:50:42 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.14 11:50:42 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.14 11:47:41 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.14 11:47:41 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.14 11:47:41 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.14 11:47:41 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.14 11:47:41 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.14 11:43:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.14 11:43:17 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.14 00:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.07 13:48:23 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2012.09.03 12:10:40 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.08.20 21:03:15 | 000,069,416 | ---- | M] () -- C:\Users\***\Desktop\studentenwerk_dresden_lastschriftmandat.pdf
[2012.08.20 12:46:18 | 000,000,851 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.08.17 12:13:26 | 000,303,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.16 23:29:11 | 000,000,017 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2012.08.16 19:49:18 | 000,010,586 | ---- | M] () -- C:\Users\***\Desktop\BAK.ods
 
========== Files Created - No Company Name ==========
 
[2012.09.14 12:14:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.09.14 12:13:36 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.07 13:48:23 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2012.08.22 10:40:26 | 000,003,059 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AoE2Wide.lnk
[2012.08.20 21:03:15 | 000,069,416 | ---- | C] () -- C:\Users\***\Desktop\studentenwerk_dresden_lastschriftmandat.pdf
[2012.08.20 12:46:18 | 000,000,851 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.08.16 23:29:11 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2012.07.20 00:20:13 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.11 04:06:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
 
========== LOP Check ==========
 
[2012.08.06 00:10:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.07.19 23:25:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.06.05 23:19:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Das Fussball Studio
[2012.06.02 15:48:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.12.18 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.20 12:48:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.02.05 21:08:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ips
[2012.09.14 11:41:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nipya
[2012.09.13 23:23:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Olel
[2011.12.18 15:26:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.02 16:49:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Power Sound Editor Free
[2012.06.05 14:09:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp
[2012.01.04 22:55:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.06.29 11:51:59 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Extra.txt:

Code:
ATTFilter
OTL Extras logfile created on: 14.09.2012 12:15:39 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,35 Gb Available Physical Memory | 79,57% Memory free
15,96 Gb Paging File | 14,22 Gb Available in Paging File | 89,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 825,78 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
Drive D: | 3,53 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARTINPC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A0CF85-DA38-4384-B9DD-14214B56BA62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{074F09F5-249C-4B62-9E01-D086CDC92143}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{18F6F02E-65AD-45A4-8459-E2119B22561E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{19DCF556-5D57-4FA9-A920-BEE7AADC122D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C2257AC-B8AC-42D2-B35B-1853B81D18D8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3D399FD5-E406-4055-86AE-C659756FB51F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40CC2BAD-AA3B-4387-BB32-33A82344F970}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{504EA20B-2696-4BE9-A7C3-A8AE9FA3D2B6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6775AEBF-96C3-4FCD-8739-350F5821FDE3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{68D8292B-ECE6-4D09-9EE3-1D50EB0B13A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6962A269-A580-4F64-9A92-64DF39883FB1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6CF82AA3-D2CB-40F9-99B4-35EF59C00B34}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6F7B2C99-3906-491B-824C-1769065D9AEB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80A6DFDE-F000-42FF-A412-6EE0A1CA02FD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{832B648C-E4E6-4D66-8AEC-4DB0909CC844}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8442DAF8-D191-4969-995E-2C04265F9DEF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8D63E13C-C39D-4FC6-830B-402DA928AA80}" = lport=137 | protocol=17 | dir=in | app=system | 
"{94395B05-E2E8-4A86-94A3-9BF19EB8BE14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{99D872A0-DAC0-4AA2-AEDC-B3E4FB8C8139}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9DAEED6A-1121-4ED5-92D4-6671349E2DE4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A64E56F8-92CB-418C-A7AA-984A937E0A69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C7C02697-B340-4847-8164-5E704C8B97D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C82CE8AD-CE09-4D99-A693-77CB59D30F39}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EF7758FD-024B-41E1-9D8D-B25EB606F65F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F1FD09FA-0699-45E7-8896-8DA4F231662A}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3157B6-78B0-416A-AAF2-CCEF43124EE8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{100A0043-E327-412F-9BC2-C8F92FE0445B}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"{10BA955F-1C51-487C-878E-81D224A57C54}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{23782B70-BB9A-4BFD-9EFD-5C7F04387188}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1920x1080.exe | 
"{263F459D-6292-44F5-9341-6BF8638D047F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{34638C7F-EAE6-4B22-9E32-12E1016A2873}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{35FC3DFC-5956-4CE5-B17A-E21078AC70F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{3CE675F5-ACD3-4D40-A655-85C5F722FB22}" = protocol=6 | dir=out | app=system | 
"{3FD09552-7993-4D74-8B39-76BD8E530FD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4196AF7A-0B91-443E-B618-6D650A94B720}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53F03F0D-9EDA-41AB-8B61-1EDEA66844F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{578609C5-A955-4F0A-8581-AE0718D876EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5A406AD7-DFCC-483F-9478-D105E679CAB8}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe | 
"{5E1F0501-C189-48CA-86F9-4338ABE1580D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{608838CE-088E-413B-8B9C-9F5BCD2AA04C}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe | 
"{63EFB37A-1D23-4437-942E-2678DAAB8D63}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6DDE1F2E-D8BF-4135-8D9A-791FCC2EE048}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe | 
"{6E5BED65-BA72-4EBF-80C5-7C76030A5165}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{75F5A8CC-26C6-40E0-A8C4-D305D86D6991}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7E34A096-73C5-4A7E-AB6D-02311A3B340A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1920x1080.exe | 
"{81C36C47-3683-4833-9FD3-DCDB6E85992C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{87877D7F-421E-47E7-A6DD-4CDB5A6B5B31}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"{8AF97F27-D35A-4366-B9BB-6FB57BB764DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BBB04EE-EAA6-4CB3-B26E-22022CF01CEA}" = protocol=58 | dir=in | app=system | 
"{8F1344FA-995C-469F-BEB7-764E17927059}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9450AD86-F5B0-4117-A628-9F6D630C284E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{96B5CC32-950E-44B5-9CD9-1F067DFD004F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9A21B6D5-0DAE-42FC-AC6F-C943E2D84E20}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9C289CD3-A739-4D06-B6DB-663CE39F6ADB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A440C5A3-1604-4A3B-8779-59CFBB210416}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A8670780-3F2A-42AC-B42E-61E83A83CE5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{AEC7585E-C487-4788-A9EB-C6AA215ECEAA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B76C6D9B-7FCC-4455-A480-4670AD9C05E2}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{B9C904AA-F7D8-4CB1-A40B-16BC8FC9DCDE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C5842152-86C6-4765-8AE0-D846ECC38B72}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CF43A201-2C2A-45D6-AC1B-6C7A7019A592}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{D2A521EE-DDC1-4B68-9FE0-DA7CB7C17116}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe | 
"{DA9313EC-6197-4575-B7AE-DBBBD4215984}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"{DDD63F36-A944-4333-8A17-636C955D145C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EAF0D7F9-28DB-4130-A1E2-DD5BDEDB4BBA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F050E92D-8793-4D59-925B-41533EA75806}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F870ACC4-CDF6-48B8-9FB9-7B7C6DC8063B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F9B20AF1-47A9-4EC5-9A74-83B40834FA9A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FF6BDD17-737E-434E-9886-586C634F15D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{020AAAF5-E726-4ECD-B767-9E3244F521D1}C:\program files (x86)\sierra\swat 4\contentexpansion\system\swat4x.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\swat 4\contentexpansion\system\swat4x.exe | 
"TCP Query User{108F4845-19C8-467C-B832-6F3FC604B997}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{185B37C3-74D1-455D-9279-644D9CA73990}C:\users\***\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"TCP Query User{19E34683-D4FA-4752-B817-BBE4FD2E6E8B}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{3A4B2D07-601B-469F-973B-220082966684}C:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{4049360B-DB46-4942-AD19-B1121A227EEE}C:\users\***\appdata\local\temp\rarsfx1\hl.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\rarsfx1\hl.exe | 
"TCP Query User{40DA582F-C497-49FA-8631-63C7164A3102}C:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe | 
"TCP Query User{44F57DA4-96F7-4168-A15D-05F2CACF7419}C:\users\***\appdata\local\temp\rarsfx0\hl.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\rarsfx0\hl.exe | 
"TCP Query User{4927AB22-1408-499B-9E33-CA7CE1ACD469}C:\users\***\appdata\roaming\nipya\xuar.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\nipya\xuar.exe | 
"TCP Query User{554659E5-3CE0-4A30-B9FB-F0C701395924}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"TCP Query User{582ECAE8-01D1-463E-BC5C-835A1EE891DA}C:\users\***\appdata\roaming\nipya\xuar.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\nipya\xuar.exe | 
"TCP Query User{7665CBDC-9AEF-490F-9E99-DBCC1B1C2DD1}C:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0c_1920x1080.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0c_1920x1080.exe | 
"TCP Query User{8A467ADF-7897-447F-9913-4BD2B43C2CFD}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{8C42F64D-8066-4099-8B15-DD888E95CB62}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe | 
"TCP Query User{A1B9E879-A10B-4194-8577-8597A1450A94}C:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1920x1080.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1920x1080.exe | 
"TCP Query User{A66B0BB6-8FAB-47B3-80E5-F6FCC9E31A3C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0c_1920x1080.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0c_1920x1080.exe | 
"TCP Query User{ADD61675-DEB7-4492-941A-C2599C2EC410}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"TCP Query User{AFE13B0A-668E-4CC1-9158-759D484763C6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{E4065CD7-DCA9-4F2A-AFCD-A2AFD96923DC}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe | 
"TCP Query User{E99E0C1B-DB1D-4110-A3E5-C90F9A7DA948}C:\users\***\desktop\spiele\worms\worms3d\bin\worms3d.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\spiele\worms\worms3d\bin\worms3d.exe | 
"TCP Query User{EEC53AE4-CF7A-48AC-992C-9BD5F987D70C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{1A9068A4-F973-40EA-8D8F-12A3EC1CD30F}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{206E0D14-3BD3-4B26-9ECC-9BFE6805955D}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{2F907587-CBBA-4953-96A1-2465B9DDB364}C:\program files (x86)\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe | 
"UDP Query User{3759F051-0085-41A0-86F8-BCC939E95B6A}C:\users\***\appdata\local\temp\rarsfx1\hl.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\rarsfx1\hl.exe | 
"UDP Query User{42B8F1F5-D53A-411E-9B07-4117ECFD0A29}C:\users\***\desktop\spiele\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\call of duty 2\cod2mp_s.exe | 
"UDP Query User{5F9BCA23-C576-4E1B-97D0-C769177D096D}C:\users\***\desktop\spiele\worms\worms3d\bin\worms3d.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\spiele\worms\worms3d\bin\worms3d.exe | 
"UDP Query User{5FF499F9-DB3B-408A-AC7A-0E88447FB191}C:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\crytek\far cry\bin32\farcry.exe | 
"UDP Query User{6CED6FD4-BE9B-49BF-9023-A3F2D6C1C7C6}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{85C078F9-9CC8-4569-8376-5CA318A9789C}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{CE256F44-D4A0-4DD8-BCC5-F3A2569B1B72}C:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1920x1080.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0e_1920x1080.exe | 
"UDP Query User{D679FA06-26B8-4B7F-BC01-D0D5833A8ED6}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{DBFBF6D3-4318-421F-A296-68212F59D19C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0c_1920x1080.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0c_1920x1080.exe | 
"UDP Query User{DEA504BE-8AF6-4B18-882D-AD41D5E92AFB}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe | 
"UDP Query User{E2426910-3C59-434F-9609-3B62C986A861}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe | 
"UDP Query User{E4BD2D06-261E-41D0-8F10-9E8839D80FB6}C:\users\***\appdata\roaming\nipya\xuar.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\nipya\xuar.exe | 
"UDP Query User{E8523386-53EC-4B1A-BA20-004A978AE743}C:\users\***\appdata\local\temp\rarsfx0\hl.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\rarsfx0\hl.exe | 
"UDP Query User{EA935256-68B9-489A-BB30-B3CE7129FDC4}C:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0c_1920x1080.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1_1.0c_1920x1080.exe | 
"UDP Query User{EFD55632-B973-4800-9E0B-61A6BA4FC659}C:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{F76FB2E3-4FAB-4371-A56C-B1C8988B9EC5}C:\users\***\appdata\roaming\nipya\xuar.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\nipya\xuar.exe | 
"UDP Query User{F95ACDC2-7D15-43FC-BC9F-741009203BF7}C:\program files (x86)\sierra\swat 4\contentexpansion\system\swat4x.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\swat 4\contentexpansion\system\swat4x.exe | 
"UDP Query User{FF7A0AA0-EE5C-4860-B9D0-2AEF9C5802C6}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}" = Age of Empires II - the Conquerors WideScreen Patcher
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1" = Age of Empires II - The Conquerors - 1.0e Patch FINAL
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EADM" = EA Download Manager
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Studio_is1" = Free Studio version 5.3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Power Sound Editor Free" = Power Sound Editor Free
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.09.2012 11:01:46 | Computer Name = MartinPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7051
 
Error - 13.09.2012 11:01:46 | Computer Name = MartinPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7051
 
Error - 13.09.2012 11:01:47 | Computer Name = MartinPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 13.09.2012 11:01:47 | Computer Name = MartinPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8049
 
Error - 13.09.2012 11:01:47 | Computer Name = MartinPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8049
 
Error - 13.09.2012 12:23:47 | Computer Name = MartinPC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.09.2012 13:42:26 | Computer Name = MartinPC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.09.2012 05:33:23 | Computer Name = MartinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2012 05:45:03 | Computer Name = MartinPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2012 05:58:36 | Computer Name = MartinPC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.3.0.33 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b1c    Startzeit: 
01cd925e174f58f7    Endzeit: 60000    Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
 Desktop\avscan.exe    Berichts-ID: 8b43a9eb-fe52-11e1-a67f-50e549b5ed26  
 
[ System Events ]
Error - 21.06.2012 04:52:04 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 21.06.2012 04:52:04 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 22.06.2012 06:42:34 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 22.06.2012 06:42:34 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 23.06.2012 05:40:16 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 23.06.2012 05:40:16 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 24.06.2012 09:41:44 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 24.06.2012 09:41:44 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 25.06.2012 05:39:00 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
Error - 25.06.2012 05:39:00 | Computer Name = MartinPC | Source = WMPNetworkSvc | ID = 866306
Description = 
 
 
< End of report >
Vielen Dank schonmal für jede Hilfe, die ich bekommen!

 

Themen zu TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden!
7-zip, antivir, autorun, avira, bho, bonjour, checkliste, converter, error, firefox, flash player, helper, home, install.exe, logfile, mozilla, mp3, nexus, nvidia update, plug-in, rarsfx0, realtek, registry, rundll, scan, security, sierra, software, svchost.exe, tr/crypt.xpack.ge, tr/crypt.xpack.gen, virus, windows, windows7


« 100 Eurovirus unter Windows7 loswerden | PWS:Win32/Fareit.gen!A »


Ähnliche Themen: TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden!


  1. C:\Users\name\AppData\Roaming\Microsoft\Windows\Recent\wmpnetwk.dll - nicht gefunden
    Log-Analyse und Auswertung - 14.09.2014 (13)
  2. Windows 8 Trojaner Zbot.gen gefunden in C:\Users\*****\Appdata\Roaming\Cuyfzy\piutfas.exe
    Log-Analyse und Auswertung - 22.08.2014 (6)
  3. Trojaner "TR/Crypt.ZPACK.Gen8" in C:\Users\johanna\AppData\Roaming\skype.dat via Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (7)
  4. Win32/Zbot.gen!AM in C:\Users\***\AppData\Roaming\Wexyt\ynim.exe gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (11)
  5. TR/Crypt.ZPACK.Gen8 in C:\Users\quattro\wgsdgsdgdsgsd.exe gefunden. PC war gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (9)
  6. Mit Malwarebytes C:\Users\Zig\AppData\Roaming\Ygowq\irqy.exe (Trojan.ZbotR.Gen) gefunden.
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (6)
  7. TR/Crypt.EPACK.Gen8 in C:\Users\***\AppData\Roaming\45E4CC\45E4CC.exe
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (14)
  8. Mit Malwarebytes C:\Users\Zig\AppData\Roaming\Ygowq\irqy.exe (Trojan.ZbotR.Gen) gefunden.
    Mülltonne - 07.02.2013 (1)
  9. Online- Banking gesperrt! Trojan.FakeAlert.Gen & Trojan.ZbotR.Gen in (C:\Users\\AppData\Temp & C:\Users\\AppData\Roaming\Osje\rutaap.exe)
    Log-Analyse und Auswertung - 06.02.2013 (1)
  10. TR/Crypt.XPACK.Gen8 in C:\Users\main\AppData\Local\Temp\aromecxsnw.exe
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  11. TR/Crypt.XPACK.Gen8 in C:\Users\Sarina Pancaro\AppData\Local\Temp\wpbt0.dll gefunden
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (24)
  12. TR/Crypt.ZPACK.Gen8 in C:\Users\XXX\AppData\Local\Temp\msimg32.dll
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (27)
  13. TR/Dropper.VB.Gen in C:\Users\Julia\AppData\Roaming... gefunden
    Log-Analyse und Auswertung - 07.07.2012 (2)
  14. TR/Crypt.ZPACK.Gen2 [trojan] in C:\Users\user\AppData\Roaming\Spotify\spotify.exe | Avira Profession
    Log-Analyse und Auswertung - 29.06.2012 (3)
  15. C:\Users\XXXX\AppData\Roaming\Emwoe\ovews.exe -- ein TR/Crypt.xpack.gen
    Log-Analyse und Auswertung - 05.05.2011 (4)
  16. 'TR/Crypt.FKM.Gen' [trojan] in C:\Users\Elvis\AppData\Roaming\29388\mscjm.exe
    Plagegeister aller Art und deren Bekämpfung - 03.02.2011 (14)
  17. Trojaner TR/Crypt.XPACK.Gen in C:\Users\***\AppData\Local\Temp\svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (23)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden! - Moin! Heute hat mir Antivir diesen Virus angezeigt. Ich habe ihn nun erstmal mit Antivir in Quarantäne verschoben, denke aber mal damit ist es nicht getan... Ich arbeite jetzt einfach - TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden!...
Archiv
Du betrachtest: TR/Crypt.XPACK.Gen8 in C:\Users\***\AppData\Roaming\Nipya\xuar.exe gefunden! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131