|
Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPack.GEN3 - ich werd ihn nicht losWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.10.2010, 22:40 | #1 |
| TR/Crypt.XPack.GEN3 - ich werd ihn nicht los OTL by Oltime installiert, scans gemacht, und nu???????? OTL logfile created on: 20.10.2010 16:26:00 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Dokumente und Einstellungen\Viviana\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 288,43 Gb Total Space | 205,30 Gb Free Space | 71,18% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 64,28 Gb Free Space | 27,60% Space Free | Partition Type: NTFS Drive I: | 9,66 Gb Total Space | 1,32 Gb Free Space | 13,66% Space Free | Partition Type: NTFS Computer Name: HISPANOP-B19EF6 | User Name: Viviana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Viviana\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Luidia\eBeam Device Service\eBeamDeviceServiceUI.exe (Luidia, Inc.) PRC - C:\Programme\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe (Luidia, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe (Research In Motion Limited) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Research In Motion\USB Drivers\BbDevMgr.exe (Research In Motion Limited) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe (InnerPass, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Live365\Radio365\Radio365_Dlg.exe (Live365) PRC - C:\Programme\Live365\Radio365\Radio365TrayAgent.exe (Live365) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ClocX\ClocX.exe (BonSoft) PRC - C:\Programme\Duden\Duden Korrektor\DKCore.exe (Expert System S.p.A.) PRC - C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) PRC - C:\Programme\ScanSoft\OmniPageSE2.0\opwareSE2.exe (ScanSoft, Inc.) PRC - C:\Programme\3M\PSN2Lite\Psn2Lite.exe (3M) PRC - C:\Programme\3M\PSN2Lite\PSNGive.exe (3M) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Viviana\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\ScanSoft\OmniPageSE2.0\OpHookSE2.dll (ScanSoft, Inc.) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (eBeam Device Service) -- C:\Programme\Luidia\eBeam Device Service\eBeamDeviceServiceMain.exe (Luidia, Inc.) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (RoxLiveShare9) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions) SRV - (RoxWatch9) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions) SRV - (RoxMediaDB9) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found DRV - (PalmUSBD) -- C:\WINDOWS\System32\drivers\PalmUSBD.sys File not found DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (camvid20) -- C:\WINDOWS\system32\drivers\camdrv21.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/ IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.15 07:08:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.15 07:08:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.15 16:02:13 | 000,000,000 | ---D | M] [2010.10.02 15:42:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\Mozilla\Firefox\Profiles\az06mt4g.default\extensions [2009.10.09 12:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\Mozilla\Firefox\Profiles\az06mt4g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.02 15:42:11 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\Mozilla\Firefox\Profiles\az06mt4g.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2009.10.09 12:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\Mozilla\Firefox\Profiles\az06mt4g.default\extensions\staged-xpis [2010.07.11 16:01:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\Mozilla\Firefox\Profiles\az06mt4g.default\extensions\toolbar@ask.com [2010.09.10 15:05:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.09.10 15:05:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2009.02.01 18:04:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org [2009.02.01 18:04:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2008.12.17 17:34:33 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll [2008.12.17 17:34:33 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll [2008.12.17 17:34:33 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll [2008.12.17 17:34:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll [2008.12.17 17:34:33 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2006.08.24 16:07:50 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.11.23 09:51:36 | 000,002,204 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml [2006.08.24 16:07:50 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2006.11.10 06:42:00 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2006.11.10 17:32:03 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll File not found O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ClocX] C:\Programme\ClocX\ClocX.exe (BonSoft) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NBAgent] C:\Programme\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [OpwareSE2] C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [RoxWatchTray] C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.) O4 - HKCU..\Run: [Innerpass] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerpassFileSharing.exe (InnerPass, Inc.) O4 - HKCU..\Run: [InternetCalls] C:\Programme\InternetCalls.com\InternetCalls\InternetCalls.exe File not found O4 - HKCU..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [NBJ] C:\Programme\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) O4 - HKCU..\Run: [Radio365Agent] C:\Programme\Live365\Radio365\Radio365TrayAgent.exe (Live365) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Desktop Manager.lnk = C:\Programme\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Post-it® Software Notes Lite.lnk = C:\Programme\3M\PSN2Lite\Psn2Lite.exe (3M) O4 - Startup: C:\Dokumente und Einstellungen\Viviana\Startmenü\Programme\Autostart\Analoguhr.lnk = C:\Dokumente und Einstellungen\Viviana\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für clock[1].zip\CLOCK.EXE File not found O4 - Startup: C:\Dokumente und Einstellungen\Viviana\Startmenü\Programme\Autostart\Desktop Manager.lnk = C:\Programme\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited) O4 - Startup: C:\Dokumente und Einstellungen\Viviana\Startmenü\Programme\Autostart\palmOne Registration.lnk = C:\Programme\palmOne\register.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programme\PicLensIE\cooliris.dll File not found O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/46.18/uploader2.cab (UploadListView Class) O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control) O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://register.facebook.com/controls/contactx.dll (ContactExtractor Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} https://img.web.de/v/mail/activex/fa_os_mms/upload_1141.cab (WEBDE Fotoalbum Upload Control) O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Viviana\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Viviana\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.01.12 01:18:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.20 16:24:46 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Viviana\Desktop\OTL.exe [2010.10.19 14:45:40 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.10.17 10:25:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure [2010.10.12 20:15:08 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.12 20:15:07 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.12 20:14:49 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.10.11 22:24:40 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Viviana\Eigene Dateien\Mis archivos de origen de datos [2010.10.11 17:24:36 | 000,000,000 | ---D | C] -- C:\NETWORK_RES [2010.10.11 17:09:37 | 000,000,000 | ---D | C] -- C:\Programme\Duden [2010.10.03 21:12:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\FreeBurner [2010.10.03 14:48:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\softonic-de3 [2010.10.02 15:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\PriceGong [2010.10.02 15:42:13 | 000,000,000 | ---D | C] -- C:\Programme\Conduit [2010.10.02 15:42:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Viviana\Lokale Einstellungen\Anwendungsdaten\Conduit [2010.10.02 15:42:12 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3 [2010.10.02 15:42:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Viviana\Lokale Einstellungen\Anwendungsdaten\softonic-de3 [2010.10.02 15:41:50 | 000,000,000 | ---D | C] -- C:\Programme\ClocX [2010.10.02 14:29:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX [2010.09.25 20:37:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.09.22 21:55:45 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx [2010.09.22 21:55:44 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2010.09.22 21:55:44 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2010.09.22 21:55:44 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll [2010.09.22 21:55:44 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL [2010.09.22 21:55:44 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL [2010.09.22 21:55:44 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX [2010.09.22 21:55:44 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL [2010.09.22 21:55:44 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll [2010.09.22 21:55:44 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL [2010.09.22 21:55:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL [2010.09.22 21:55:43 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll [2010.09.22 21:55:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll [2010.09.22 21:55:43 | 000,000,000 | ---D | C] -- C:\Programme\Free Easy Burner [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.20 16:24:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Viviana\Desktop\OTL.exe [2010.10.20 16:22:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.10.20 16:06:31 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89E5A3B7-EC22-46BD-9C30-5B41206D4212}.job [2010.10.20 16:01:02 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.10.20 12:22:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.10.20 03:08:57 | 000,489,568 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.20 03:08:57 | 000,446,664 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.20 03:08:57 | 000,097,238 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.20 03:08:57 | 000,073,870 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.19 22:54:02 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1303643608-725345543-1004.job [2010.10.19 22:54:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1303643608-725345543-1004.job [2010.10.19 22:04:58 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.19 22:02:27 | 000,181,436 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.10.19 22:02:24 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job [2010.10.19 22:02:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.19 21:25:04 | 000,036,363 | ---- | M] () -- C:\WINDOWS\CSTBox.INI [2010.10.18 18:18:11 | 000,087,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Viviana\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.18 16:29:42 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job [2010.10.16 13:47:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.10.13 03:31:57 | 000,337,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.13 03:15:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.02 14:05:02 | 000,001,122 | ---- | M] () -- C:\Dokumente und Einstellungen\Viviana\Startmenü\Programme\Autostart\Analoguhr.lnk [9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.02 14:04:21 | 000,001,122 | ---- | C] () -- C:\Dokumente und Einstellungen\Viviana\Startmenü\Programme\Autostart\Analoguhr.lnk [2010.10.01 13:41:22 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{89E5A3B7-EC22-46BD-9C30-5B41206D4212}.job [2010.09.30 19:54:44 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1303643608-725345543-1004.job [2010.09.22 21:55:45 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL [2010.09.22 21:55:44 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2010.09.22 21:55:43 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2010.09.20 18:01:56 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job [2010.09.20 18:01:56 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job [2010.09.02 19:48:59 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll [2010.08.22 11:38:15 | 000,001,386 | ---- | C] () -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\Rim.Desktop.Exception.log [2010.08.16 21:01:08 | 000,002,265 | ---- | C] () -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\Rim.Desktop.HttpServerSetup.log [2010.02.22 18:31:22 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2009.08.05 22:18:53 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009.08.05 22:18:53 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009.08.05 22:18:02 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\$_hpcst$.hpc [2009.07.28 13:53:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI [2009.04.27 18:14:14 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll [2009.04.27 18:14:14 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll [2009.03.16 19:46:48 | 000,009,382 | ---- | C] () -- C:\Dokumente und Einstellungen\Viviana\Anwendungsdaten\Valores separados por comas (Windows).EML [2009.03.05 07:46:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.03.02 21:14:59 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2009.03.02 18:21:16 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2009.02.08 22:55:25 | 000,087,552 | ---- | C] () -- C:\Dokumente und Einstellungen\Viviana\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.06 22:00:18 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.02.03 22:37:15 | 000,046,512 | ---- | C] () -- C:\WINDOWS\System32\EPSN.DLL [2009.02.03 22:37:15 | 000,012,126 | ---- | C] () -- C:\WINDOWS\System32\PIXPCZ.DLL [2009.02.03 22:37:15 | 000,011,934 | ---- | C] () -- C:\WINDOWS\System32\PIXPNR.DLL [2009.01.19 23:43:01 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2009.01.18 14:37:12 | 002,351,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Viviana\Lokale Einstellungen\Anwendungsdaten\cooliris-win-ie-release-1.9.1.17582.msi [2009.01.12 01:43:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2009.01.12 01:42:39 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL [2009.01.12 01:20:30 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2009.01.11 17:08:51 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.05.27 00:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.27 00:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.27 00:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.06.29 02:43:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2007.06.29 02:43:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2007.06.29 02:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2007.06.29 02:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2007.06.29 02:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2004.08.04 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004.08.04 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004.08.04 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004.08.04 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004.08.04 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2001.01.17 12:43:50 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\PSNShare.dll < End of report > OTL Extras logfile created on: 20.10.2010 16:26:00 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Dokumente und Einstellungen\Viviana\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 288,43 Gb Total Space | 205,30 Gb Free Space | 71,18% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 64,28 Gb Free Space | 27,60% Space Free | Partition Type: NTFS Drive I: | 9,66 Gb Total Space | 1,32 Gb Free Space | 13,66% Space Free | Partition Type: NTFS Computer Name: HISPANOP-B19EF6 | User Name: Viviana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service data transfer "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software music sync service discovery ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation) "C:\Programme\InternetCalls.com\InternetCalls\InternetCalls.exe" = C:\Programme\InternetCalls.com\InternetCalls\InternetCalls.exe:*:Enabled:InternetCalls -- File not found "C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal) "C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Programme\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{23B72D50-1C7E-491C-8086-9E060051D316}" = Manual CanoScan LiDE 60 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{2A329709-A0F3-11D0-9501-444553540000}_is1" = PocketMirror (Standard Edition) 4.3.1 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5B5B1BD4-1450-355C-92AF-2DA0C9DF1A7F}" = PicLens for Internet Explorer "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0 "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7B63B2922B174135AFC0E1377DD81EC2}" = "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8AFA06F7-E60E-43DE-AF33-5552C801B73A}" = Duden Korrektor "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0010-0C0A-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Spanish) 12 "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007 "{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISER_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISER_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISER_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007 "{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISER_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007 "{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISER_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISER_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISER_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISER_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007 "{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISER_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISER_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007 "{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISER_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007 "{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISER_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BDFE199D-E889-4BB6-BECB-C4BDF5700849}" = Documents To Go "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EB3DF81F-5E70-4722-9D99-C1FC3EEF4DE1}" = Roxio Media Manager "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F4B35ADF-B630-4DCC-BDD7-FFC04A5C7C51}" = BlackBerry Desktop Software 4.6 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlackBerry_{F4B35ADF-B630-4DCC-BDD7-FFC04A5C7C51}" = BlackBerry Desktop Software 4.6 "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0 "Canon Setup Utility 2.0" = Canon Setup Utility 2.0 "CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200 "ClocX" = ClocX (1.5b2) "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "eBeamCapture_is1" = eBeam Capture 2.3 "eBeamDeviceService_is1" = eBeam Device Service 2.3.3 "eBeamInteract_is1" = eBeam Interact 2.3.3 "ENTERPRISER" = Microsoft Office Enterprise 2007 "Free Easy Burner_is1" = Free Easy Burner V 4.1 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{8AFA06F7-E60E-43DE-AF33-5552C801B73A}" = Duden Korrektor "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MindManager 2002" = MindManager 2002 "Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "PSN2" = Post-it® Software Notes Lite Version 2 "Radio365 2.1" = Radio365 2.1 "RealPlayer 12.0" = RealPlayer "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SereneScreen Marine Aquarium 2.6_is1" = SereneScreen Marine Aquarium 2.6 "softonic-de3 Toolbar" = softonic-de3 Toolbar "VLC media player" = VLC media player 0.9.8a "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.10.2010 04:15:22 | Computer Name = HISPANOP-B19EF6 | Source = ESENT | ID = 489 Description = wuauclt (4524) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 18.10.2010 04:15:22 | Computer Name = HISPANOP-B19EF6 | Source = ESENT | ID = 455 Description = wuaueng.dll (4524) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 18.10.2010 17:27:09 | Computer Name = HISPANOP-B19EF6 | Source = BackItUp5 | ID = 5225 Description = Error - 18.10.2010 18:21:34 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 | ID = 2000 Description = Accepted Safe Mode action : Microsoft Office Outlook. Error - 18.10.2010 18:26:50 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 | ID = 2000 Description = Accepted Safe Mode action : Microsoft Office Word. Error - 18.10.2010 19:43:36 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57, faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault address 0x00060f75. Error - 18.10.2010 20:15:41 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application outlook.exe, version 12.0.6539.5000, stamp 4c12486d, faulting module olmapi32.dll, version 12.0.6538.5000, stamp 4bfc6ad9, debug? 0, fault address 0x00051c7c. Error - 18.10.2010 20:21:50 | Computer Name = HISPANOP-B19EF6 | Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\VIVIANA\EIGENE DATEIEN\DOKUMENTE\BERUF\1. CAQ\1 DAM\DRAMA\DIE RÄUBER\2010-10 V B DI DIE RÄUBER-ÜBERSICHT.MMP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 19.10.2010 23:02:37 | Computer Name = HISPANOP-B19EF6 | Source = BackItUp5 | ID = 5225 Description = Error - 20.10.2010 17:14:22 | Computer Name = HISPANOP-B19EF6 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ Application Events ] Error - 18.10.2010 04:15:22 | Computer Name = HISPANOP-B19EF6 | Source = ESENT | ID = 489 Description = wuauclt (4524) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 18.10.2010 04:15:22 | Computer Name = HISPANOP-B19EF6 | Source = ESENT | ID = 455 Description = wuaueng.dll (4524) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 18.10.2010 17:27:09 | Computer Name = HISPANOP-B19EF6 | Source = BackItUp5 | ID = 5225 Description = Error - 18.10.2010 18:21:34 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 | ID = 2000 Description = Accepted Safe Mode action : Microsoft Office Outlook. Error - 18.10.2010 18:26:50 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 | ID = 2000 Description = Accepted Safe Mode action : Microsoft Office Word. Error - 18.10.2010 19:43:36 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application winword.exe, version 12.0.6545.5000, stamp 4c653e57, faulting module wwlib.dll, version 12.0.6545.5000, stamp 4c653fe2, debug? 0, fault address 0x00060f75. Error - 18.10.2010 20:15:41 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 | ID = 1000 Description = Faulting application outlook.exe, version 12.0.6539.5000, stamp 4c12486d, faulting module olmapi32.dll, version 12.0.6538.5000, stamp 4bfc6ad9, debug? 0, fault address 0x00051c7c. Error - 18.10.2010 20:21:50 | Computer Name = HISPANOP-B19EF6 | Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\VIVIANA\EIGENE DATEIEN\DOKUMENTE\BERUF\1. CAQ\1 DAM\DRAMA\DIE RÄUBER\2010-10 V B DI DIE RÄUBER-ÜBERSICHT.MMP> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 19.10.2010 23:02:37 | Computer Name = HISPANOP-B19EF6 | Source = BackItUp5 | ID = 5225 Description = Error - 20.10.2010 17:14:22 | Computer Name = HISPANOP-B19EF6 | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ OSession Events ] Error - 02.10.2010 14:12:45 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 767 seconds with 180 seconds of active time. This session ended with a crash. Error - 04.10.2010 19:16:28 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 361 seconds with 60 seconds of active time. This session ended with a crash. Error - 05.10.2010 23:56:05 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1864 seconds with 300 seconds of active time. This session ended with a crash. Error - 06.10.2010 17:37:35 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 493 seconds with 60 seconds of active time. This session ended with a crash. Error - 07.10.2010 21:27:12 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1879 seconds with 1620 seconds of active time. This session ended with a crash. Error - 11.10.2010 22:30:26 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1907 seconds with 1320 seconds of active time. This session ended with a crash. Error - 12.10.2010 23:13:25 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 753 seconds with 120 seconds of active time. This session ended with a crash. Error - 15.10.2010 17:23:14 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 212 seconds with 0 seconds of active time. This session ended with a crash. Error - 18.10.2010 19:43:34 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 906 seconds with 660 seconds of active time. This session ended with a crash. Error - 18.10.2010 20:15:36 | Computer Name = HISPANOP-B19EF6 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 547 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 18.10.2010 10:58:51 | Computer Name = HISPANOP-B19EF6 | Source = F-Secure Standalone Minifilter | ID = 327681 Description = Error - 18.10.2010 11:00:29 | Computer Name = HISPANOP-B19EF6 | Source = F-Secure Standalone Minifilter | ID = 327681 Description = Error - 18.10.2010 11:02:07 | Computer Name = HISPANOP-B19EF6 | Source = F-Secure Standalone Minifilter | ID = 327681 Description = Error - 18.10.2010 11:03:44 | Computer Name = HISPANOP-B19EF6 | Source = F-Secure Standalone Minifilter | ID = 327681 Description = Error - 18.10.2010 11:05:53 | Computer Name = HISPANOP-B19EF6 | Source = F-Secure Standalone Minifilter | ID = 327681 Description = Error - 18.10.2010 11:21:43 | Computer Name = HISPANOP-B19EF6 | Source = F-Secure Standalone Minifilter | ID = 327681 Description = Error - 18.10.2010 11:23:20 | Computer Name = HISPANOP-B19EF6 | Source = F-Secure Standalone Minifilter | ID = 327681 Description = Error - 18.10.2010 17:27:55 | Computer Name = HISPANOP-B19EF6 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. Error - 19.10.2010 23:03:33 | Computer Name = HISPANOP-B19EF6 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. Error - 20.10.2010 13:18:07 | Computer Name = HISPANOP-B19EF6 | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.2 für die Netzwerkkarte mit der Netzwerkadresse 001FE23DA80E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). < End of report > |
21.10.2010, 12:01 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPack.GEN3 - ich werd ihn nicht los Wurde Malwarebytes schon ausgeführt? Wenn ja alle Logs posten.
__________________
__________________ |
Themen zu TR/Crypt.XPack.GEN3 - ich werd ihn nicht los |
0x00000001, adobe, antivir, avgntflt.sys, avira, bho, canon, components, conduit, device driver, einstellungen, error, excel, explorer, firefox, flash player, format, helper, iexplore.exe, jusched.exe, launch, location, logfile, microsoft office word, mozilla, msvcrt, office 2007, oldtimer, otl.exe, plug-in, realtek, registry, rundll, saver, searchplugins, security, security update, server, shell32.dll, software, studio, system restore, systray, temp, tr/crypt.xpack.ge, tr/crypt.xpack.gen, udp, usb, vlc media player, windows internet |