| |
| |||||||
Log-Analyse und Auswertung: tr/crypt.xpack.gen3 in c:\windows\tempWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.05.2011, 19:56
| #1 |
| |  tr/crypt.xpack.gen3 in c:\windows\temp Hallo Leute, seit einiger Zeit bekomme ich von Antivir ständig die Nachricht: "tr/crypt.xpack.gen3 in c:\windows\temp\... gefunden" weder manuelles noch über antivir gesteuertes entfernen haben dabei etwas gebracht.ich habe es auch schon mit Malwarebytes versucht, auch das hat nicht geholfen. hab auch schon versucht mich in foren schlauzulesen, aber bin damit nicht weit gekommen, da ich mich mit otl etc nicht auskenne deshalb hier meine Log-Files und ich bitte um hilfe, danke schonmal im voraus Datei otl.txt: Code:
ATTFilter OTL logfile created on: 23.05.2011 20:20:03 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Annina\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.98% Memory free 4.19 Gb Paging File | 2.99 Gb Available in Paging File | 71.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119.00 Gb Total Space | 43.61 Gb Free Space | 36.65% Space Free | Partition Type: NTFS Drive D: | 30.04 Gb Total Space | 20.57 Gb Free Space | 68.47% Space Free | Partition Type: FAT32 Computer Name: NINAMOBIL | User Name: Annina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Annina\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe (BullGuard Software) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WButton.exe () PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Annina\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BsFileScan) -- C:\Programme\BullGuard Software\BullGuard\BsFileScan.dll (BullGuard Ltd.) SRV - (BGLiveSvc) -- C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe (BullGuard Software) SRV - (BgMainSvc) -- C:\Programme\BullGuard Software\BullGuard\BsMain.dll (BullGuard, Ltd.) SRV - (BsMailProxy) -- C:\Programme\BullGuard Software\BullGuard\BsMailProxy.dll (BullGuard Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (BdFileSpy) -- C:\Windows\System32\drivers\BdFileSpy.sys (BullGuard Ltd.) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (Reconn) -- C:\Programme\BullGuard Software\BullGuard\Reconn.sys (BullGuard Ltd.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (RTLWUSB) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Kino.to" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.ecosia.org/" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 15:37:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.08 14:32:23 | 000,000,000 | ---D | M] [2008.11.06 20:05:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annina\AppData\Roaming\mozilla\Extensions [2011.05.06 15:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Annina\AppData\Roaming\mozilla\Firefox\Profiles\xgimwu1x.default\extensions [2011.04.28 16:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Annina\AppData\Roaming\mozilla\Firefox\Profiles\xgimwu1x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.05.04 17:24:16 | 000,002,289 | ---- | M] () -- C:\Users\Annina\AppData\Roaming\Mozilla\Firefox\Profiles\xgimwu1x.default\searchplugins\ecosia-1.xml [2010.12.28 12:41:43 | 000,002,094 | ---- | M] () -- C:\Users\Annina\AppData\Roaming\Mozilla\Firefox\Profiles\xgimwu1x.default\searchplugins\ecosia.xml [2011.04.24 10:48:18 | 000,003,312 | ---- | M] () -- C:\Users\Annina\AppData\Roaming\Mozilla\Firefox\Profiles\xgimwu1x.default\searchplugins\kinoto.xml [2011.05.04 10:49:32 | 000,001,330 | ---- | M] () -- C:\Users\Annina\AppData\Roaming\Mozilla\Firefox\Profiles\xgimwu1x.default\searchplugins\wikipedia-en.xml [2011.05.06 12:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.06 12:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} File not found (No name found) -- [2011.05.06 12:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [2011.05.06 15:37:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.05.06 12:24:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2007.12.19 14:57:38 | 000,310,272 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll [2011.05.06 15:37:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.05.06 15:37:42 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.05.06 15:37:42 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.05.06 15:37:42 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.05.06 15:37:42 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.05.06 15:37:42 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CtrlVol] File not found O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Ninamobil O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Annina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Annina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4810aa98-05ae-11df-93e3-0007ca06a2c1}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Play.exe O33 - MountPoints2\{68dae2f9-f2f0-11de-9545-0016d3832706}\Shell\AutoRun\command - "" = avast/avast32.exe O33 - MountPoints2\{68dae2f9-f2f0-11de-9545-0016d3832706}\Shell\explore\command - "" = .////////avast/\\\\\avast32.exe O33 - MountPoints2\{68dae2f9-f2f0-11de-9545-0016d3832706}\Shell\open\command - "" = avast/////////avast32.exe O33 - MountPoints2\{e35fbf0d-5d5d-11dc-a67b-0007ca06a2c1}\Shell\AutoRun\command - "" = F:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.18 08:31:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.05.17 06:58:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.08 14:31:25 | 000,000,000 | ---D | C] -- C:\Programme\Adobe [2011.05.08 14:31:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe [2011.05.08 14:29:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.05.06 12:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.05.06 12:25:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2011.05.06 12:25:09 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.05.06 12:25:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.05.06 12:25:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.05.06 12:25:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.05.06 12:23:30 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.04.28 08:27:21 | 000,000,000 | ---D | C] -- C:\Users\Annina\AppData\Roaming\Malwarebytes [2011.04.28 08:26:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.28 08:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.28 08:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.28 08:26:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.28 08:26:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.26 18:34:39 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2007.07.11 18:24:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2011.05.23 20:27:00 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.23 20:27:00 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.23 20:12:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.23 19:58:01 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.23 19:58:01 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.23 19:58:01 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.23 19:58:01 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.23 19:55:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.23 19:29:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.17 06:58:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.09 08:58:19 | 000,002,379 | ---- | M] () -- C:\Users\Annina\Desktop\Skype.lnk [2011.05.08 14:32:23 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.05.06 12:23:51 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.05.06 12:23:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.05.06 12:23:50 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.05.06 12:23:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.04.29 09:53:31 | 000,086,528 | ---- | M] () -- C:\Users\Annina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.28 08:26:58 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.28 08:12:30 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~33414944 [2011.04.28 08:12:30 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~33414944r [2011.04.28 08:11:47 | 000,000,336 | -H-- | M] () -- C:\ProgramData\33414944 [2011.04.27 08:53:36 | 000,000,184 | -H-- | M] () -- C:\ProgramData\~34856736 [2011.04.27 08:53:36 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~34856736r [2011.04.27 08:53:07 | 000,000,336 | -H-- | M] () -- C:\ProgramData\34856736 [2011.04.25 17:50:50 | 000,068,248 | ---- | M] () -- C:\Users\Annina\Documents\Paris Visite Transaktionsdaten.jpg ========== Files Created - No Company Name ========== [2011.05.08 14:32:23 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.05.08 14:32:23 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2011.05.06 15:37:49 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.28 08:26:58 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.28 08:12:30 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~33414944r [2011.04.28 08:12:29 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~33414944 [2011.04.28 08:11:47 | 000,000,336 | -H-- | C] () -- C:\ProgramData\33414944 [2011.04.27 08:53:36 | 000,000,184 | -H-- | C] () -- C:\ProgramData\~34856736 [2011.04.27 08:53:36 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~34856736r [2011.04.27 08:53:07 | 000,000,336 | -H-- | C] () -- C:\ProgramData\34856736 [2011.04.25 17:50:49 | 000,068,248 | ---- | C] () -- C:\Users\Annina\Documents\Paris Visite Transaktionsdaten.jpg [2010.09.15 14:24:11 | 000,000,680 | ---- | C] () -- C:\Users\Annina\AppData\Local\d3d9caps.dat [2007.12.22 12:12:55 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2007.12.22 12:12:55 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2007.12.22 12:12:55 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2007.12.22 12:12:55 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2007.12.22 12:12:55 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2007.12.22 12:12:55 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2007.12.22 12:12:55 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2007.12.22 12:12:55 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2007.12.22 12:12:55 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2007.12.22 12:12:55 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2007.12.22 12:12:55 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2007.12.22 12:12:55 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2007.12.22 12:12:55 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2007.12.22 12:12:54 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2007.12.22 12:12:54 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2007.12.22 12:12:54 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2007.12.22 12:12:54 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2007.12.22 12:12:54 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2007.12.22 12:12:54 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2007.12.22 12:06:38 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini [2007.10.25 16:51:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2007.09.27 17:20:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2007.09.11 19:58:26 | 000,014,352 | ---- | C] () -- C:\Users\Annina\AppData\Roaming\wklnhst.dat [2007.09.07 14:08:50 | 000,086,528 | ---- | C] () -- C:\Users\Annina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.09.06 18:54:55 | 000,000,094 | ---- | C] () -- C:\Users\Annina\AppData\Local\fusioncache.dat [2007.07.11 18:24:07 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.09 17:32:04 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe [2007.07.06 07:39:12 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.07.06 07:39:06 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.07.06 07:12:57 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007.07.06 06:41:51 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.07.06 06:41:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.06.20 13:44:37 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI [2007.06.20 13:39:38 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.06.20 13:39:38 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.06.11 14:43:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.06.11 14:43:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2006.12.11 06:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.02 17:33:31 | 000,651,350 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,121,114 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,370,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,618,470 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,107,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.09.20 07:34:10 | 000,000,000 | -H-- | C] () -- C:\Windows\Buhl.ini < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.05.2011 20:20:03 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Annina\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.98% Memory free
4.19 Gb Paging File | 2.99 Gb Available in Paging File | 71.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.00 Gb Total Space | 43.61 Gb Free Space | 36.65% Space Free | Partition Type: NTFS
Drive D: | 30.04 Gb Total Space | 20.57 Gb Free Space | 68.47% Space Free | Partition Type: FAT32
Computer Name: NINAMOBIL | User Name: Annina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2567CEB9-C318-4779-8B44-E1992C092947}" = lport=139 | protocol=6 | dir=in | app=system |
"{29A0CDE8-839A-4213-A890-4CCC153E871D}" = lport=138 | protocol=17 | dir=in | app=system |
"{35F68AF2-3C32-467E-AA94-A7E1EDA7E959}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3EF65924-714D-4FE3-8CFA-38B8A590FCB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E7E378A-AED3-4010-9978-57620F97446C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{67D4C459-37A2-49C3-BE18-9FB5D6D15951}" = rport=139 | protocol=6 | dir=out | app=system |
"{78BD4C81-17AE-436B-B9B1-98B13EAAEC96}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A494E09-7C4F-44D0-B3EA-4AB703E51BC3}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D709538-7A29-4BED-947E-85283B644E58}" = lport=445 | protocol=6 | dir=in | app=system |
"{A0093B9D-3785-4C24-AC6C-8CF0B4D21883}" = rport=137 | protocol=17 | dir=out | app=system |
"{E958B1C1-8327-4380-9E36-B00E479A5F45}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FE428131-372C-45A8-97E1-8C80E8CB90CA}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02109B93-2C20-431B-8430-301EBDFCB5EA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0BE797B3-B4FC-4D5A-A71F-4462821EF227}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1F09F116-AC2C-4ECD-9777-79763B72BB06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{23D58320-05B8-40E8-B710-807CB398B772}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2A4C919C-86A7-4812-A767-C9752B6DD3DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36B76DA6-35AA-479A-9C88-4392F01313B7}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{4095E13D-487D-4995-868C-FCC9A1D83BCA}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg free\avgamsvr.exe |
"{4105302B-418F-4B76-A8E1-2CE321C474C3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4C8FD9CE-77B6-4046-B6C2-707F80A9C401}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg free\avgemc.exe |
"{4E400DAD-09C8-47E8-96B9-0098FDDE8024}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{52A84B1D-6348-4D4F-A8D3-AF5CD1CF0200}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg free\avgcc.exe |
"{5E57D578-2964-43B2-9361-B033F663DEA3}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg free\avgamsvr.exe |
"{630F1A5D-049A-401D-86AF-CC0227F4A856}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6CF67B88-CDB0-41ED-AA71-E4049DB4A84E}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg free\avginet.exe |
"{6F85E111-5359-4FF5-AAB5-0ED822B7309D}" = protocol=6 | dir=in | app=c:\program files\grisoft\avg free\avgemc.exe |
"{8520D5EC-FA91-4EE4-B1D2-EFD6E708F11E}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg free\avginet.exe |
"{9804F6F2-8A12-4583-9538-E6A6F182A824}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B5082DCF-FB59-457F-97A2-D63F8AE8DFAF}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{D84D08D2-09E3-43C3-9FDD-5C67DC69C203}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DD553E4B-F236-4AF3-9E08-EC387D59811D}" = protocol=17 | dir=in | app=c:\program files\grisoft\avg free\avgcc.exe |
"{E6461674-8BE1-401C-A0DC-B0EED0CEE7AA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EBA3DB16-4CD8-4F78-BCA0-C3CACE637356}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EC213508-AE5C-4824-80A9-86AC8A17A7A3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{51BC2E2D-C823-4FD4-94FE-3E611E650A6F}C:\program files\steam\steamapps\black_stalker\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\black_stalker\counter-strike\hl.exe |
"TCP Query User{DC4AC03F-B8F0-4850-BCEE-8AD852CB2506}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{42E1336D-CFBF-40A1-B0BA-6FBB8BA75A3F}C:\program files\steam\steamapps\black_stalker\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\black_stalker\counter-strike\hl.exe |
"UDP Query User{97986B51-2717-410C-B449-D71DD5430427}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EDFA38A-2FEB-4E62-82C9-DA415C0EEF33}" = IEEE 802.11g Wireless LAN driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK USB Wireless LAN Driver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D405ED38-2149-471F-B876-07839A00DBDC}" = PowerTeacher DeLuxe
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALDI Foto Manager Free Nord D" = ALDI Foto Manager Free Nord 3.4.0.466 (D)
"ALDI Foto Service Nord D" = ALDI Foto Service Nord 1.10.0.61 (D)
"ALDI Fotobuch Druck Service_is1" = ALDI Fotobuch Druck Service
"ALDI Online Druck Service (Nord)" = ALDI Online Druck Service (Nord)
"Aquachem 4.0" = Aquachem 4.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BullGuard" = BullGuard 7.0 for Vista
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"ISIS Draw 2.1.4 Standalone" = ISIS Draw 2.1.4 Standalone
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord 6.0.2.0 (D)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Native Instruments Traktor DJ Player" = Native Instruments Traktor DJ Player
"ShotOnline" = ShotOnline
"Skype_is1" = eBay.de - Skype 3.0
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Steam App 10" = Counter-Strike
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.12.2009 09:18:11 | Computer Name = Ninamobil.Ninamobil | Source = WerSvc | ID = 5007
Description =
Error - 31.12.2009 07:23:51 | Computer Name = Ninamobil.Ninamobil | Source = WerSvc | ID = 5007
Description =
Error - 31.12.2009 08:53:07 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 31.12.2009 08:53:08 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 31.12.2009 10:37:19 | Computer Name = Ninamobil.Ninamobil | Source = WerSvc | ID = 5007
Description =
Error - 01.01.2010 09:27:21 | Computer Name = Ninamobil.Ninamobil | Source = WerSvc | ID = 5007
Description =
Error - 01.01.2010 09:28:06 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 01.01.2010 09:28:07 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 01.01.2010 19:51:41 | Computer Name = Ninamobil.Ninamobil | Source = WerSvc | ID = 5007
Description =
Error - 03.01.2010 08:29:47 | Computer Name = Ninamobil.Ninamobil | Source = WerSvc | ID = 5007
Description =
[ Media Center Events ]
Error - 26.04.2011 18:51:43 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 05 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 26.04.2011 18:56:43 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 05 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 26.04.2011 19:01:43 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 05 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 26.04.2011 19:06:43 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 05 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 05.05.2011 17:49:53 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 08.05.2011 17:04:50 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 11.05.2011 17:25:13 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 13.05.2011 17:15:52 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 13.05.2011 17:17:09 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Prozess: DefaultDomain Objektname: Media Center Guide
Error - 20.05.2011 18:00:57 | Computer Name = Ninamobil.Ninamobil | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerAccumulate failed;
Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center
Guide
[ OSession Events ]
Error - 26.06.2010 09:05:32 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 647
seconds with 240 seconds of active time. This session ended with a crash.
Error - 27.10.2010 14:07:25 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 2902
seconds with 1200 seconds of active time. This session ended with a crash.
Error - 17.11.2010 12:49:35 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3537
seconds with 2100 seconds of active time. This session ended with a crash.
Error - 17.11.2010 13:08:22 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1108
seconds with 720 seconds of active time. This session ended with a crash.
Error - 17.11.2010 16:43:28 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12888
seconds with 9660 seconds of active time. This session ended with a crash.
Error - 05.12.2010 15:30:16 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2829 seconds with 60 seconds of active time. This session ended with a crash.
Error - 08.12.2010 14:34:32 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6014.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 1993
seconds with 600 seconds of active time. This session ended with a crash.
Error - 05.01.2011 13:40:11 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 14 seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.01.2011 11:55:15 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 933 seconds with 540 seconds of active time. This session ended with a crash.
Error - 04.03.2011 17:22:41 | Computer Name = Ninamobil.Ninamobil | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 25650 seconds with 120 seconds of active time. This session ended with a
crash.
[ System Events ]
Error - 20.05.2011 10:31:27 | Computer Name = Ninamobil.Ninamobil | Source = Service Control Manager | ID = 7026
Description =
Error - 20.05.2011 13:11:31 | Computer Name = Ninamobil.Ninamobil | Source = Service Control Manager | ID = 7026
Description =
Error - 20.05.2011 16:56:33 | Computer Name = Ninamobil.Ninamobil | Source = Service Control Manager | ID = 7026
Description =
Error - 21.05.2011 02:57:04 | Computer Name = Ninamobil.Ninamobil | Source = Service Control Manager | ID = 7026
Description =
Error - 21.05.2011 16:56:04 | Computer Name = Ninamobil.Ninamobil | Source = DCOM | ID = 10010
Description =
Error - 23.05.2011 02:02:08 | Computer Name = Ninamobil.Ninamobil | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Microsoft Office Document Image
Writer nicht unter dem Namen Microsoft Office Document Image Writer freigeben.
Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet
werden.
Error - 23.05.2011 02:02:08 | Computer Name = Ninamobil.Ninamobil | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker EPSON Stylus DX4400 Series nicht
unter dem Namen EPSON Stylus DX4400 Series freigeben. Fehler: 2114. Der Drucker
kann nicht von anderen Benutzern im Netzwerk verwendet werden.
Error - 23.05.2011 02:03:23 | Computer Name = Ninamobil.Ninamobil | Source = Service Control Manager | ID = 7026
Description =
Error - 23.05.2011 13:28:18 | Computer Name = Ninamobil.Ninamobil | Source = Service Control Manager | ID = 7026
Description =
Error - 23.05.2011 13:55:38 | Computer Name = Ninamobil.Ninamobil | Source = Service Control Manager | ID = 7011
Description =
< End of report >
|
| Themen zu tr/crypt.xpack.gen3 in c:\windows\temp |
| antivir, avira, bho, black, c:\windows\system32\rundll32.exe, desktop, druck, ebay.de, entfernen, error, excel.exe, extras.txt, failed, firefox, flash player, gcs.exe, geld, google earth, home, hotkey.sys, install.exe, intranet, launch, logfile, microsoft office word, mozilla, oldtimer, otl.txt, plug-in, prozess, realtek, registry, scan, sched.exe, searchplugins, security, senden, shell32.dll, shortcut, software, start menu, svchost.exe, tr/crypt.xpack.ge, tr/crypt.xpack.gen, vista, windows |
Baum-Darstellung