Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): AntiVir reports Crypt.XPACK.Gen - Windows 7

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you eliminate the infection.
#1

AntiVir reports Crypt.XPACK.Gen

Hello, experts. A routine scan I ran with AntiVir 10 Personal produced two warnings, both naming the Trojan Crypt.XPACK.Gen.

One of them is located here:
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Y8RDN683\yHff91e22dV03f01236002Rd990bc23102Tb34c800bJ14000601Q000002f3901801F0066010al000730dP000001080[1]

The other one here:
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\OKSW.exe

Attached is AntiVir logfile 1:
Quote:
Quote:
c:\dokumente und einstellungen\***\anwendungsdaten\dhxiuw.dat

Here is the Malwarebytes logfile:
Quote:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.01.2011 10:54:46 - Run 2 OTL by OldTimer - Version 3.2.20.1 Folder = D:\TOOLS\SYSTEM\security Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 400,00 Mb Available Physical Memory | 39,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,37 Gb Total Space | 45,91 Gb Free Space | 61,73% Space Free | Partition Type: NTFS Drive D: | 72,21 Gb Total Space | 4,18 Gb Free Space | 5,78% Space Free | Partition Type: NTFS Drive E: | 2,45 Gb Total Space | 0,47 Gb Free Space | 19,35% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\TOOLS\SYSTEM\security\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox 3.5\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox 3.5\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mikogo\Mikogo-Host.exe (Mikogo) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Seagate\AutoBackup\MemeoBackup.exe (Memeo Inc.) PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) ========== Modules (SafeList) ========== MOD - D:\TOOLS\SYSTEM\security\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apache2.2) -- N:\xampp\apache\bin\apache.exe File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (ATMsrvc) -- C:\WINDOWS\system32\ATMsrvc.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (TermDD) -- C:\WINDOWS\system32\drivers\termdd.sys () DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (s816mdm) -- C:\WINDOWS\system32\drivers\s816mdm.sys (MCCI Corporation) DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s816mgmt.sys (MCCI Corporation) DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\WINDOWS\system32\drivers\s816unic.sys (MCCI) DRV - (s816obex) -- C:\WINDOWS\system32\drivers\s816obex.sys (MCCI Corporation) DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\WINDOWS\system32\drivers\s816nd5.sys (MCCI Corporation) DRV - (s816mdfl) -- C:\WINDOWS\system32\drivers\s816mdfl.sys (MCCI Corporation) DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\WINDOWS\system32\drivers\s816bus.sys (MCCI Corporation) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) 
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010.07.07 13:11:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.02 09:27:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.01.11 11:28:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox 3.5\components [2010.12.14 19:45:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox 3.5\plugins [2011.01.11 11:28:25 | 000,000,000 | ---D | M] [2009.05.27 09:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2011.01.13 10:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mu372a65.default\extensions [2009.02.18 12:33:07 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mu372a65.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}(2) [2010.07.07 13:14:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mu372a65.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.02.18 12:33:06 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mu372a65.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}(2) [2010.10.15 07:29:27 | 000,000,000 | ---D | M] (Sage) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mu372a65.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596} [2009.07.17 15:00:50 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mu372a65.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2011.01.07 09:23:51 | 000,000,000 | ---D | M] (Firebug) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mu372a65.default\extensions\firebug@software.joehewitt.com [2009.02.18 12:33:11 | 000,000,000 | ---D | M] ("Foxmarks Bookmark Synchronizer") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\mu372a65.default\extensions\foxmarks@kei(2).com [2011.01.05 09:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.03.10 17:26:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.03.31 13:59:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME\MOZILLA FIREFOX 
3.5\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.07.07 13:11:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME\MOZILLA FIREFOX 3.5\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.05.18 09:02:10 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAMME\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER [2009.05.27 09:44:07 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.05.27 09:44:07 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.05.27 09:44:07 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.05.27 09:44:07 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.05.27 09:44:07 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.28 17:29:11 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKCU..\Run: [Getdo] File not found O4 - HKCU..\Run: [Imgnat] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe\Update\dlgret.exe () O4 - HKCU..\Run: [Mikogo] C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mikogo\Mikogo-Host.exe (Mikogo) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\AutoBackup Launcher.lnk = C:\Programme\Seagate\AutoBackup\MemeoLauncher.exe (Memeo Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programme\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation) O9 - 
Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211627025700 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.68 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.05.24 11:43:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3728a4f3-06ff-11de-9e02-001d0fafcf66}\Shell - "" = AutoRun O33 - 
MountPoints2\{3728a4f3-06ff-11de-9e02-001d0fafcf66}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3728a4f3-06ff-11de-9e02-001d0fafcf66}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found O33 - MountPoints2\{93f20dd0-8bdb-11de-9ea6-001d0fafcf66}\Shell - "" = AutoRun O33 - MountPoints2\{93f20dd0-8bdb-11de-9ea6-001d0fafcf66}\Shell\1\Command - "" = .\RECYCLER\Lcass.exe O33 - MountPoints2\{93f20dd0-8bdb-11de-9ea6-001d0fafcf66}\Shell\2\Command - "" = .\RECYCLER\Lcass.exe O33 - MountPoints2\{93f20dd0-8bdb-11de-9ea6-001d0fafcf66}\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.13 10:34:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\logfiles_20110113 [2011.01.13 09:53:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.01.13 09:53:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.01.13 09:53:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.01.13 09:46:20 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2011.01.13 09:30:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2011.01.10 18:05:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\BlackBerry [2011.01.10 18:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Research In Motion [2011.01.07 15:17:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\jxmler_1.1.2_beta [2010.12.30 09:19:31 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\All Users\Startmenü\Programme\Mein Büro [2010.12.20 13:36:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Clips Berenfaenger NEU [2010.12.20 13:19:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Flash Berenfaenger [2010.12.16 09:19:08 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys [2010.12.16 09:17:37 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.13 10:55:01 | 000,001,236 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-879983540-725345543-1004UA.job [2011.01.13 10:30:00 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.01.13 09:55:44 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.01.13 09:55:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.01.13 09:18:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.01.12 15:48:04 | 000,008,556 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\com.living-e.timeEdition.plist [2011.01.11 10:57:04 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2011.01.10 17:46:10 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin [2011.01.10 15:55:01 | 000,001,184 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-879983540-725345543-1004Core.job [2011.01.07 15:17:01 | 000,020,448 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\jxmler_1.1.2_beta.gz [2011.01.04 08:34:39 | 000,553,559 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\snap_1.png [2010.12.30 09:19:31 | 000,001,647 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Mein Büro.lnk 
[2010.12.27 19:03:07 | 000,461,976 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.12.27 19:03:07 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.12.27 19:03:07 | 000,085,336 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.12.27 19:03:07 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.12.23 10:35:06 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.12.22 10:15:17 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2010.12.21 11:53:01 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd [2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.12.20 10:21:57 | 003,247,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.12.16 18:22:50 | 000,000,007 | ---- | M] () -- C:\tw0001.dat [2010.12.15 08:55:59 | 000,002,417 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Google Chrome.lnk [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.11 10:55:58 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2011.01.10 18:06:39 | 000,001,157 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BBMS_EXCEPTION.txt [2011.01.07 15:17:01 | 000,020,448 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\jxmler_1.1.2_beta.gz [2011.01.04 08:32:36 | 000,553,559 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\snap_1.png [2010.12.30 09:19:31 | 000,001,647 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Mein Büro.lnk [2010.07.23 14:26:16 | 001,103,360 | ---- | C] 
() -- C:\WINDOWS\System32\cidfont.dll [2010.07.07 10:28:36 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dhxiuw.dat [2010.05.21 12:32:55 | 000,001,381 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2010.05.18 08:53:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll [2009.08.19 11:08:43 | 000,003,714 | ---- | C] () -- C:\WINDOWS\iexplore.ini [2009.06.08 10:58:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI [2009.04.06 19:43:52 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.04.06 19:43:52 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.04.06 19:43:50 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.04.06 19:43:50 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.04.06 19:43:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2009.03.10 17:20:08 | 000,008,556 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\com.living-e.timeEdition.plist [2009.02.10 13:33:16 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\HPEPCEnm.dll [2009.02.10 13:33:02 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll [2008.11.20 16:38:16 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2008.11.11 11:00:41 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd [2008.11.04 18:12:29 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\D88F915F34.sys [2008.11.04 18:03:22 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008.07.02 16:39:05 | 000,038,429 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft Excel.ADR [2008.07.02 16:37:19 | 000,038,440 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Kommagetrennte Werte (DOS).ADR [2008.06.02 15:23:50 | 000,000,145 | ---- | C] () -- 
C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.05.31 14:34:42 | 000,003,296 | ---- | C] () -- C:\WINDOWS\tm.ini [2008.05.31 14:14:37 | 000,000,788 | ---- | C] () -- C:\WINDOWS\wiso.ini [2008.05.31 08:41:20 | 000,000,039 | ---- | C] () -- C:\WINDOWS\MB.ini [2008.05.27 11:13:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.05.27 11:13:07 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.05.25 14:13:37 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll [2008.05.24 15:45:48 | 000,000,246 | ---- | C] () -- C:\WINDOWS\buhl.ini [2008.05.24 14:27:08 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.05.24 12:36:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.05.24 12:33:38 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2008.05.24 12:33:38 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2008.05.24 12:33:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2008.05.24 12:33:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2008.05.24 12:33:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2008.05.24 11:40:21 | 000,040,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\termdd.sys [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2008.05.31 14:08:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2008.05.24 15:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2008.05.29 10:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Quark [2011.01.10 18:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Research In Motion [2008.07.01 08:55:48 | 000,000,000 | 
--SD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Seagate [2008.12.05 15:26:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore [2008.06.02 15:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tanagra [2010.10.04 10:53:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Akqede [2010.01.04 18:53:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Blackberry Desktop [2008.05.31 14:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service [2008.05.31 08:53:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service GmbH [2010.09.17 14:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\callas software [2009.09.15 10:50:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\com.levitation.ColorBrowser.E8C85B0D1658562C6BF4EE77663EB3C86B87123C.1 [2009.09.15 10:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\couk.psyked.ImageSizer.33AC44770D6DA0D343B94BC05C14D0B14C15D157.1 [2008.05.31 09:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DataDesign [2009.09.15 10:48:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\de.dasplankton.Contrast-A.5DD45AD90B4BAAE78989E28539AB01CA0764F503.1 [2008.05.31 08:53:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\deltra Software GmbH [2010.11.12 10:31:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoft [2011.01.11 15:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla [2009.01.08 12:36:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FireShot [2010.05.18 
09:40:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GrabPro [2010.10.04 19:20:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ilyza [2010.07.07 13:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterTrust [2010.03.01 10:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LetsTrade [2010.08.02 10:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mikogo [2010.03.18 17:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mobipocket [2011.01.05 12:12:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MySQL [2008.09.03 09:33:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.12.27 20:30:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Orbit [2011.01.10 18:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Research In Motion [2009.09.25 13:24:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SMSout [2009.11.17 18:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SorensonMedia [2010.07.05 17:20:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SuperMailer [2009.09.17 15:32:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SuperMailer-Bounce [2011.01.12 11:27:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\timeEdition [2008.10.01 11:46:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WebSnapshot.46B1249CCE380CAC0025C2FEDDA40A017CA04F82.1 ========== Purity Check ========== < End of report >

OTL Extras logfile here:
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.01.2011 10:54:46 - Run 2 OTL by OldTimer - Version 3.2.20.1 Folder = D:\TOOLS\SYSTEM\security Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 400,00 Mb Available Physical Memory | 39,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,37 Gb Total Space | 45,91 Gb Free Space | 61,73% Space Free | Partition Type: NTFS Drive D: | 72,21 Gb Total Space | 4,18 Gb Free Space | 5,78% Space Free | Partition Type: NTFS Drive E: | 2,45 Gb Total Space | 0,47 Gb Free Space | 19,35% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .js [@ = JSFile] -- C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.) 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox 3.5\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) jsfile [open] -- "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
"DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP "427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "K:\setup\hpznui01.exe" = K:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\apachefriends\xampp\mysql\bin\mysqld.exe" = D:\apachefriends\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- () "D:\apachefriends\xampp\apache\bin\apache.exe" = D:\apachefriends\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 -- (Macromedia, Inc.) "L:\apachefriends\xampp\apache\bin\apache.exe" = L:\apachefriends\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- File not found "L:\apachefriends\xampp\mysql\bin\mysqld.exe" = L:\apachefriends\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- File not found "C:\apachefriends\xampp\mysql\bin\mysqld.exe" = C:\apachefriends\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- () "C:\apachefriends\xampp\apache\bin\Apache.exe" = C:\apachefriends\xampp\apache\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "M:\backup\Memeo\*** Backup\D_\apachefriends\xampp\apache\bin\apache.exe" = M:\backup\Memeo\*** Backup\D_\apachefriends\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- File not found "M:\backup\Memeo\*** Backup\D_\apachefriends\xampp\mysql\bin\mysqld.exe" = M:\backup\Memeo\*** Backup\D_\apachefriends\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- File not found "L:\xampp\apache\bin\apache.exe" = L:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- File not found "L:\xampp\mysql\bin\mysqld.exe" = L:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld -- File not found "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Programme\Opera8\opera.exe" = C:\Programme\Opera8\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\Sorenson Media\Sorenson Squeeze 6\squeeze.exe" = C:\Programme\Sorenson Media\Sorenson Squeeze 6\squeeze.exe:*:Enabled:Squeeze Application -- (Sorenson Media Inc.) "C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Programme\Mozilla Firefox 3.5\firefox.exe" = C:\Programme\Mozilla Firefox 3.5\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "K:\setup\hpznui01.exe" = K:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.) 
"C:\Programme\T-COM AG\T-Eumex 628\EMX628FW.exe" = C:\Programme\T-COM AG\T-Eumex 628\EMX628FW.exe:*:Enabled:EMX628FW -- () "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation) "C:\Programme\WinSCP\WinSCP.exe" = C:\Programme\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl) "C:\Programme\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe" = C:\Programme\MySQL\MySQL Workbench 5.2 CE\MySQLWorkbench.exe:LocalSubNet:Enabled:MySQL Workbench -- (Oracle Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004 "{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini "{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm 
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3303E88E-C09C-44FD-9D15-3A0265DB938A}" = Opera 9.0 "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer "{48F3B22E-2DA0-2711-83E8-29861415163E}" = Contrast-A "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp "{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan "{624E7452-BA43-4f55-B9D5-FC75EEA0808B}" = Officejet Pro 8500 A909 Series "{661F1109-B3BB-9D7A-7FB2-2327F1BA00C2}" = ImageSizer "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services "{7AC1A660-59E4-C2ED-466B-3051361C27F9}" = Color Browser "{7CB4BD9D-5CDA-4DEC-9C88-A300C569A2A5}" = MySQL Workbench 5.2 CE "{7F0E4311-D46D-456E-97CC-44F7E331DE66}" = Sorenson Squeeze 6.0 "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 
10.63 "{8920EF0D-633E-46D1-9561-90E713E3145A}" = AutoBackup "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help 
"{B66AE62A-5F8D-45DB-A365-4913F5050E99}" = T-Eumex 628 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BE53BB2F-FD8F-48b9-AC90-207D0D8EE028}" = 8500A909a "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{C94B144D-C472-4F5A-B1F6-655263B20716}_is1" = Mein Büro "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCAC0FF7-E4CD-4C24-95F3-C073168C2D01}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9500 smartphone "{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEA791BB-6F54-48ED-BC2A-F78157C1D558}" = Adobe Setup "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation "{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DB2D04AE-CB6F-8E66-4BA5-F0556762073C}" = EM Calculator "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EBFF55DE-F9C2-1E79-249A-2741F7098ABF}" = WebSnapshot "{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0 "{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0 "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component 
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2 "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.57 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Type Manager Deluxe 4.1" = Adobe Type Manager Deluxe 4.1 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3 "Adobe_c015d5ef39552390a753ee735d16041" = Adobe Illustrator CS3 "Applian Director2.0" = Applian Director "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0 "CCleaner" = CCleaner "C-Media Audio" = C-Media 3D Audio "com.levitation.ColorBrowser.E8C85B0D1658562C6BF4EE77663EB3C86B87123C.1" = Color Browser "couk.psyked.ImageSizer.33AC44770D6DA0D343B94BC05C14D0B14C15D157.1" = ImageSizer "de.dasplankton.Contrast-A.5DD45AD90B4BAAE78989E28539AB01CA0764F503.1" = Contrast-A "DVD-TO-MPEG V2.2_is1" = DVD-TO-MPEG V2.2 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FLV-Media Player" = FLV-Media Player 1.8 "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.7.16 "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 12.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0 "HPExtendedCapabilities" = HP Customer Participation Program 12.0 "HPOCR" = OCR 
Software by I.R.I.S. 12.0 "ie8" = Windows Internet Explorer 8 "iecollection_is1" = Internet Explorer Collection 1.5.0.1 "InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools "IrfanView" = IrfanView (remove only) "LetsTrade" = LetsTrade Komponenten "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mein Büro 2008_is1" = Mein Büro 2008 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mikogo" = Mikogo "Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18) "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NVIDIA Drivers" = NVIDIA Drivers "office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4 "Orbit_is1" = Orbit Downloader "Picasa 3" = Picasa 3 "Replay Media Catcher 3.11" = Replay Media Catcher "Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0 "Shop for HP Supplies" = Shop for HP Supplies "SuperMailer" = SuperMailer 4.80 "SWFPlayer_is1" = SWFPlayer 2.6.2.0 "timeEdition_is1" = timeEdition 1.1.4 "TypographyCalcAir.14625D45FCFEFC0F148DA5E0F2EA86CD460C8EE3.1" = EM Calculator "Uninstall_is1" = Uninstall 1.0.0.1 "Vector Magic" = Vector Magic "WebSnapshot.46B1249CCE380CAC0025C2FEDDA40A017CA04F82.1" = WebSnapshot "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43 "winscp3_is1" = WinSCP 4.2.9 "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "FileZilla Client" = FileZilla Client 3.3.3 "Google Chrome" = Google Chrome "InstallShield_{8920EF0D-633E-46D1-9561-90E713E3145A}" = 
AutoBackup ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.12.2010 05:08:20 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung illustrator.exe, Version 13.0.128.0, fehlgeschlagenes Modul msvcr80.dll, Version 8.0.50727.3053, Fehleradresse 0x00008aa0. Error - 20.12.2010 05:22:04 | Computer Name = *** | Source = ESENT | ID = 490 Description = svchost (1060) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 22.12.2010 08:47:40 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x01f32f54. Error - 28.12.2010 07:10:47 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung dreamweaver.exe, Version 7.0.1.2187, fehlgeschlagenes Modul dreamweaver.exe, Version 7.0.1.2187, Fehleradresse 0x001a72c8. Error - 28.12.2010 14:58:42 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Dreamweaver.exe, Version 7.0.1.2187, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 03.01.2011 04:30:09 | Computer Name = *** | Source = ESENT | ID = 490 Description = svchost (1072) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. 
Error - 03.01.2011 11:04:49 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul rpcrt4.dll, Version 5.1.2600.6022, Fehleradresse 0x00008e39. Error - 03.01.2011 11:07:46 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung Photoshop.exe, Version 10.0.0.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 10.01.2011 10:23:12 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 12.01.2011 04:02:05 | Computer Name = *** | Source = ESENT | ID = 490 Description = svchost (1096) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. [ System Events ] Error - 06.01.2011 10:12:20 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apache2.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 06.01.2011 12:35:25 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error - 07.01.2011 03:57:47 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apache2.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 10.01.2011 04:38:32 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apache2.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 11.01.2011 04:25:04 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apache2.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 11.01.2011 06:24:27 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apache2.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 12.01.2011 04:00:31 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apache2.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 13.01.2011 04:19:12 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apache2.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 13.01.2011 04:50:21 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apache2.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 13.01.2011 04:55:53 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apache2.2" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report >
It would be great if you could help me clean up my system, in the hope that it is not a total loss. Best regards, Stevv