Pests of all kinds and how to fight them: Virus - 'TR/Crypt.XPACK.Gen' [trojan] (Windows 7)
Virus - 'TR/Crypt.XPACK.Gen' [trojan]

Hello, I have a problem with a virus. It all started when my PC suddenly crashed. A blue screen appeared with some white text on it, but it disappeared after a few seconds, so I couldn't read it fast enough. After the second crash, Antivir reported three times: Virus! I then clicked "Deny access". After that it crashed a few more times; I then ran CCleaner once, after Google Chrome also kept crashing and in the end crashed right after opening. Reinstalling Chrome didn't really help either. It does work, but it keeps crashing when opening pages or photos. In between, the same thing happened with MSN, and just now Windows Media Player wouldn't open any more, and neither would an Office file. They were shown in Task Manager under Processes, though. I ended those and now it works. The Antivir system scan doesn't work... it gives this message: "Beim Laden des Moduls (aecore.dll) ist folgender Fehler aufgetreten: Die Engine wurde verändert." For the three detections from 11 May, AntiVir shows this: "In der Datei 'C:\Users\Lala\AppData\Local\Temp\EAD6EF7.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern". But that isn't there in the file any more. So, this has turned out a bit long, sorry. Can anyone help me?
Virus - 'TR/Crypt.XPACK.Gen' [trojan]

Quote:
For the three detections from 11 May, AntiVir shows this: "In der Datei 'C:\Users\Lala\AppData\Local\Temp\EAD6EF7.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden."
Virus - 'TR/Crypt.XPACK.Gen' [trojan]

No, that's all Antivir showed! Where else can I find the logs?
Virus - 'TR/Crypt.XPACK.Gen' [trojan]

It should be under Berichte/Ereignisse (Reports/Events). Also, please read and carry out the instructions here from point two onwards => http://www.trojaner-board.de/69886-a...-beachten.html
Virus - 'TR/Crypt.XPACK.Gen' [trojan]

OTL.Txt (OTL logfile):
OTL logfile created on: 27.05.2011 19:00:17 - Run 1
OTL by OldTimer - Version     Folder = c:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,44% Memory free
6,19 Gb Paging File | 4,49 Gb Available in Paging File | 72,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 70,52 Gb Free Space | 24,46% Space Free | Partition Type: NTFS
Drive E: | 3,68 Gb Total Space | 3,68 Gb Free Space | 99,81% Space Free | Partition Type: FAT32

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\Lala\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Update\\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Google\Picasa3\Picasa3.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avwsc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\simpress.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Users\Lala\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (EgisTec Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - c:\Users\Lala\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SSHDRV86) -- C:\Windows\System32\drivers\SSHDRV86.sys ()
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.9.1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {69d1a568-ffdf-4ef5-8919-7003582e0ee8}:
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.05.19 15:10:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 12:00:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 12:00:22 | 000,000,000 | ---D | M]

[2009.05.15 19:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lala\AppData\Roaming\mozilla\Extensions
[2011.05.27 18:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions
[2010.06.26 10:11:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.26 10:11:42 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.01 22:57:13 | 000,000,000 | ---D | M] (Playdom Toolbar) -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
[2011.04.14 18:11:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.21 16:54:39 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.21 08:57:19 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.06.21 16:54:38 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.22 12:38:32 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.12.05 18:58:17 | 000,000,000 | ---D | M] () -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\fbdislike@doweb.fr
[2011.05.27 18:53:19 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Lala\AppData\Roaming\mozilla\Firefox\Profiles\55uqcibn.default\extensions\ffxtlbr@Facemoods.com
[2010.06.21 19:17:32 | 000,000,873 | ---- | M] () -- C:\Users\Lala\AppData\Roaming\Mozilla\Firefox\Profiles\55uqcibn.default\searchplugins\conduit.xml
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Lala\AppData\Roaming\Mozilla\Firefox\Profiles\55uqcibn.default\searchplugins\icqplugin.xml
[2010.07.22 12:38:26 | 000,003,915 | ---- | M] () -- C:\Users\Lala\AppData\Roaming\Mozilla\Firefox\Profiles\55uqcibn.default\searchplugins\sweetim.xml
[2010.07.31 00:14:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.31 00:14:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.01.05 16:43:28 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2011.05.19 15:10:43 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010.07.31 00:14:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.02.18 18:47:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.06.12 03:24:05 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.12 03:24:05 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.27 18:56:56 | 000,002,047 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2010.06.12 03:24:05 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.12 03:24:05 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.12 03:24:05 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Lala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Lala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lala\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lala\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00e57318-c1cf-11df-9003-001f16936292}\Shell - "" = AutoRun
O33 - MountPoints2\{00e57318-c1cf-11df-9003-001f16936292}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{0616e857-9949-11de-ad1a-001f16936292}\Shell\verb1\command - "" = desktop.exe
O33 - MountPoints2\{821d530f-7b85-11de-935e-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{821d530f-7b85-11de-935e-00a0c6000000}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.27 18:53:16 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com
[2011.05.14 00:18:11 | 000,000,000 | ---D | C] -- C:\Users\Lala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.05.14 00:16:11 | 000,000,000 | ---D | C] -- C:\Users\Lala\AppData\Local\Deployment
[2011.05.14 00:16:11 | 000,000,000 | ---D | C] -- C:\Users\Lala\AppData\Local\Apps
[2011.05.11 19:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2011.05.11 19:45:29 | 000,000,000 | ---D | C] -- C:\Users\Lala\AppData\Roaming\Avira
[2011.05.10 22:23:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2009.04.13 01:19:27 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.27 18:54:36 | 000,005,226 | ---- | M] () -- C:\Users\Lala\.recently-used.xbel
[2011.05.27 18:43:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.27 18:21:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1517091641-2711735598-3790612392-1000UA.job
[2011.05.27 18:04:17 | 000,028,339 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.05.27 17:56:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.05.27 17:48:11 | 000,134,360 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.27 17:48:11 | 000,134,360 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.27 17:47:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.27 07:41:58 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.27 07:41:58 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.27 07:41:58 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.27 07:41:58 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.27 07:00:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.27 07:00:30 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.26 22:58:56 | 001,599,857 | ---- | M] () -- C:\Users\Lala\Documents\präsentation 1. generation.odp
[2011.05.26 22:46:36 | 000,013,245 | ---- | M] () -- C:\Users\Lala\Documents\handout.odt
[2011.05.26 20:22:26 | 000,002,041 | ---- | M] () -- C:\Users\Lala\Desktop\Google Chrome.lnk
[2011.05.25 16:37:09 | 000,007,168 | -H-- | M] () -- C:\Users\Lala\Documents\photothumb.db
[2011.05.24 17:43:59 | 000,101,376 | ---- | M] () -- C:\Users\Lala\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.24 17:38:36 | 000,001,025 | ---- | M] () -- C:\Users\Lala\Desktop\OpenOffice.org Impress.lnk
[2011.05.24 17:35:25 | 000,010,462 | ---- | M] () -- C:\Users\Lala\AppData\Roaming\wklnhst.dat
[2011.05.24 15:00:32 | 000,007,592 | ---- | M] () -- C:\Users\Lala\AppData\Local\d3d9caps.dat
[2011.05.23 21:41:37 | 000,023,043 | ---- | M] () -- C:\Users\Lala\110523_164515.jpg
[2011.05.23 21:41:21 | 000,025,493 | ---- | M] () -- C:\Users\Lala\110523_164529.jpg
[2011.05.23 21:41:05 | 000,037,025 | ---- | M] () -- C:\Users\Lala\110523_164747.jpg
[2011.05.23 21:40:55 | 000,074,933 | ---- | M] () -- C:\Users\Lala\110523_164758.jpg
[2011.05.23 21:40:45 | 000,020,856 | ---- | M] () -- C:\Users\Lala\110523_164815.jpg
[2011.05.23 21:40:12 | 000,040,643 | ---- | M] () -- C:\Users\Lala\110523_164850.jpg
[2011.05.23 21:39:52 | 000,287,357 | ---- | M] () -- C:\Users\Lala\110523_164840.jpg
[2011.05.23 21:39:50 | 000,265,540 | ---- | M] () -- C:\Users\Lala\110523_164829.jpg
[2011.05.23 21:39:45 | 000,246,066 | ---- | M] () -- C:\Users\Lala\110523_164729.jpg
[2011.05.23 19:33:11 | 000,016,008 | ---- | M] () -- C:\Users\Lala\Documents\franz.odt
[2011.05.23 15:10:20 | 000,162,162 | ---- | M] () -- C:\Users\Lala\110518_153951.jpg
[2011.05.23 15:10:18 | 000,205,926 | ---- | M] () -- C:\Users\Lala\110518_153920.jpg
[2011.05.23 15:10:16 | 000,173,555 | ---- | M] () -- C:\Users\Lala\110517_101226 (1).jpg
[2011.05.23 15:10:14 | 000,185,906 | ---- | M] () -- C:\Users\Lala\110517_101216 (1).jpg
[2011.05.23 15:10:12 | 000,194,873 | ---- | M] () -- C:\Users\Lala\110517_101200 (1).jpg
[2011.05.23 15:10:11 | 000,185,853 | ---- | M] () -- C:\Users\Lala\110517_101112 (1).jpg
[2011.05.23 13:15:10 | 000,000,652 | ---- | M] () -- C:\Users\Lala\Desktop\ISLAND (2).lnk
[2011.05.22 23:38:54 | 000,000,537 | ---- | M] () -- C:\Users\Lala\Desktop\Erdkunde.lnk
[2011.05.22 23:38:53 | 001,834,000 | ---- | M] () -- C:\Users\Lala\Documents\Erdkunde.odp
[2011.05.22 00:21:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1517091641-2711735598-3790612392-1000Core.job
[2011.05.18 16:33:19 | 000,002,703 | ---- | M] () -- C:\Users\Lala\Desktop\Vodafone Mobile Connect.lnk
[2011.05.18 16:32:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.18 16:31:33 | 3215,810,560 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.17 14:59:41 | 000,173,555 | ---- | M] () -- C:\Users\Lala\110517_101226.jpg
[2011.05.17 14:59:37 | 000,185,906 | ---- | M] () -- C:\Users\Lala\110517_101216.jpg
[2011.05.17 14:59:33 | 000,194,873 | ---- | M] () -- C:\Users\Lala\110517_101200.jpg
[2011.05.17 14:59:16 | 000,185,853 | ---- | M] () -- C:\Users\Lala\110517_101112.jpg
[2011.05.13 16:47:27 | 000,297,972 | ---- | M] () -- C:\Users\Lala\110512_141203.jpg
[2011.05.13 16:47:19 | 000,287,050 | ---- | M] () -- C:\Users\Lala\110512_141152.jpg
[2011.05.12 14:11:44 | 000,226,016 | ---- | M] () -- C:\Users\Lala\110512_141137.jpg
[2011.05.12 14:11:30 | 000,229,668 | ---- | M] () -- C:\Users\Lala\110512_141128.jpg
[2011.05.12 14:11:18 | 000,190,104 | ---- | M] () --
C:\Users\Lala\110512_141111.jpg [2011.05.12 14:11:00 | 000,199,108 | ---- | M] () -- C:\Users\Lala\110512_141053.jpg [2011.05.12 13:57:18 | 000,264,096 | ---- | M] () -- C:\Users\Lala\110512_135716.jpg [2011.05.12 13:57:00 | 000,212,944 | ---- | M] () -- C:\Users\Lala\110512_135658.jpg [2011.05.12 13:54:02 | 000,224,884 | ---- | M] () -- C:\Users\Lala\110512_135355.jpg [2011.05.11 19:53:00 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2011.05.10 22:55:40 | 000,025,632 | ---- | M] () -- C:\Users\Lala\Documents\Unbenannt 1.odt [2011.05.04 22:05:51 | 000,023,859 | ---- | M] () -- C:\Users\Lala\Documents\PROJEKT einleitung.odt [2011.05.03 13:36:07 | 000,012,900 | ---- | M] () -- C:\Users\Lala\Documents\PROJEKT deckblatt & inhaltsangabe.odt [2011.05.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.27 18:54:36 | 000,005,226 | ---- | C] () -- C:\Users\Lala\.recently-used.xbel [2011.05.26 22:39:27 | 000,013,245 | ---- | C] () -- C:\Users\Lala\Documents\handout.odt [2011.05.26 20:33:18 | 001,599,857 | ---- | C] () -- C:\Users\Lala\Documents\präsentation 1. 
generation.odp [2011.05.24 17:38:36 | 000,001,025 | ---- | C] () -- C:\Users\Lala\Desktop\OpenOffice.org Impress.lnk [2011.05.23 21:39:28 | 000,287,357 | ---- | C] () -- C:\Users\Lala\110523_164840.jpg [2011.05.23 21:39:28 | 000,265,540 | ---- | C] () -- C:\Users\Lala\110523_164829.jpg [2011.05.23 21:39:28 | 000,246,066 | ---- | C] () -- C:\Users\Lala\110523_164729.jpg [2011.05.23 21:39:28 | 000,074,933 | ---- | C] () -- C:\Users\Lala\110523_164758.jpg [2011.05.23 21:39:28 | 000,040,643 | ---- | C] () -- C:\Users\Lala\110523_164850.jpg [2011.05.23 21:39:28 | 000,037,025 | ---- | C] () -- C:\Users\Lala\110523_164747.jpg [2011.05.23 21:39:28 | 000,025,493 | ---- | C] () -- C:\Users\Lala\110523_164529.jpg [2011.05.23 21:39:28 | 000,023,043 | ---- | C] () -- C:\Users\Lala\110523_164515.jpg [2011.05.23 21:39:28 | 000,020,856 | ---- | C] () -- C:\Users\Lala\110523_164815.jpg [2011.05.23 19:33:08 | 000,016,008 | ---- | C] () -- C:\Users\Lala\Documents\franz.odt [2011.05.23 15:10:04 | 000,205,926 | ---- | C] () -- C:\Users\Lala\110518_153920.jpg [2011.05.23 15:10:04 | 000,194,873 | ---- | C] () -- C:\Users\Lala\110517_101200 (1).jpg [2011.05.23 15:10:04 | 000,185,906 | ---- | C] () -- C:\Users\Lala\110517_101216 (1).jpg [2011.05.23 15:10:04 | 000,185,853 | ---- | C] () -- C:\Users\Lala\110517_101112 (1).jpg [2011.05.23 15:10:04 | 000,173,555 | ---- | C] () -- C:\Users\Lala\110517_101226 (1).jpg [2011.05.23 15:10:04 | 000,162,162 | ---- | C] () -- C:\Users\Lala\110518_153951.jpg [2011.05.23 13:24:34 | 000,000,652 | ---- | C] () -- C:\Users\Lala\Desktop\ISLAND (2).lnk [2011.05.22 23:09:36 | 000,000,537 | ---- | C] () -- C:\Users\Lala\Desktop\Erdkunde.lnk [2011.05.21 15:56:15 | 001,834,000 | ---- | C] () -- C:\Users\Lala\Documents\Erdkunde.odp [2011.05.18 16:35:19 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job [2011.05.17 14:59:05 | 000,173,555 | ---- | C] () -- C:\Users\Lala\110517_101226.jpg [2011.05.17 14:59:04 | 000,194,873 | ---- | C] () -- 
C:\Users\Lala\110517_101200.jpg [2011.05.17 14:59:04 | 000,185,906 | ---- | C] () -- C:\Users\Lala\110517_101216.jpg [2011.05.17 14:59:04 | 000,185,853 | ---- | C] () -- C:\Users\Lala\110517_101112.jpg [2011.05.14 00:18:15 | 000,002,041 | ---- | C] () -- C:\Users\Lala\Desktop\Google Chrome.lnk [2011.05.14 00:16:58 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1517091641-2711735598-3790612392-1000UA.job [2011.05.14 00:16:54 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1517091641-2711735598-3790612392-1000Core.job [2011.05.13 16:46:16 | 000,224,884 | ---- | C] () -- C:\Users\Lala\110512_135355.jpg [2011.05.13 16:46:15 | 000,297,972 | ---- | C] () -- C:\Users\Lala\110512_141203.jpg [2011.05.13 16:46:15 | 000,287,050 | ---- | C] () -- C:\Users\Lala\110512_141152.jpg [2011.05.13 16:46:15 | 000,226,016 | ---- | C] () -- C:\Users\Lala\110512_141137.jpg [2011.05.13 16:46:14 | 000,229,668 | ---- | C] () -- C:\Users\Lala\110512_141128.jpg [2011.05.13 16:46:13 | 000,199,108 | ---- | C] () -- C:\Users\Lala\110512_141053.jpg [2011.05.13 16:46:13 | 000,190,104 | ---- | C] () -- C:\Users\Lala\110512_141111.jpg [2011.05.13 16:46:10 | 000,264,096 | ---- | C] () -- C:\Users\Lala\110512_135716.jpg [2011.05.13 16:46:10 | 000,212,944 | ---- | C] () -- C:\Users\Lala\110512_135658.jpg [2011.05.11 19:53:00 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk [2011.05.10 22:55:38 | 000,025,632 | ---- | C] () -- C:\Users\Lala\Documents\Unbenannt 1.odt [2011.05.03 13:41:56 | 000,023,859 | ---- | C] () -- C:\Users\Lala\Documents\PROJEKT einleitung.odt [2011.05.03 13:36:04 | 000,012,900 | ---- | C] () -- C:\Users\Lala\Documents\PROJEKT deckblatt & inhaltsangabe.odt [2010.07.21 20:53:42 | 000,000,581 | ---- | C] () -- C:\Windows\eReg.dat [2010.05.08 12:46:34 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys [2009.05.31 20:58:01 | 000,000,056 | -H-- | C] () -- 
C:\ProgramData\ezsidmv.dat [2009.05.31 10:07:10 | 000,007,592 | ---- | C] () -- C:\Users\Lala\AppData\Local\d3d9caps.dat [2009.05.17 15:30:09 | 000,010,462 | ---- | C] () -- C:\Users\Lala\AppData\Roaming\wklnhst.dat [2009.05.12 16:07:05 | 000,134,360 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.05.12 13:52:45 | 000,101,376 | ---- | C] () -- C:\Users\Lala\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.12 13:32:12 | 000,134,360 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.04.12 16:43:17 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.04.12 16:32:43 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.04.12 16:32:43 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2009.04.12 16:32:43 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.04.12 16:32:42 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.04.12 16:31:30 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.04.12 16:31:30 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2009.04.12 16:31:30 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.04.09 13:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2009.03.12 12:47:51 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.03.12 12:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.03.12 12:47:51 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.03.12 12:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 04:09:35 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.03.12 04:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 22:03:58 | 000,743,424 | ---- 
| C] () -- C:\Windows\libxml2.dll [2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,319,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A724744F @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:81365633 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F7F6E6CB @Alternate Data 
Stream - 118 bytes -> C:\ProgramData\Temp:DCAF903C @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:6C5EC3CD @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:8750DCE4 < End of report > Extras.Txt:OTL Logfile: Code:
OTL Extras logfile created on: 27.05.2011 19:00:20 - Run 1
OTL by OldTimer - Version Folder = c:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,44% Memory free
6,19 Gb Paging File | 4,49 Gb Available in Paging File | 72,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 70,52 Gb Free Space | 24,46% Space Free | Partition Type: NTFS
Drive E: | 3,68 Gb Total Space | 3,68 Gb Free Space | 99,81% Space Free | Partition Type: FAT32

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E49341F-1388-4C40-8B5D-2A1659348A6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DB737535-AD21-4F7D-AD85-7DD6B1F2FD1E}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098E8170-A894-4DF3-9A79-C6E5D5E5AF03}" = protocol=6 | dir=in | app=c:\users\lala\downloads\facemoods.exe |
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{19AF31FA-4643-41AB-AD5E-7A081FD47F36}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{1AFEFD19-DCDC-4FD5-9BE3-C470C5E5085F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2EDDA7F0-6A9B-455F-AB25-CA32E4D94FE9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{516D48A2-1446-4C28-8ADF-CF9516DB091A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{53FC81CE-CE85-4239-8A89-2FDD2577F5E8}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{68BF73C9-E85B-4FDF-9E1A-544797E8DCA2}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{7DCEB5B7-7876-4E0A-92FA-22D480E78170}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{897D42FF-6B58-44D9-A3B7-DD28706B883A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8BC11B6A-2CE7-4C94-B420-318A08431276}" = protocol=17 | dir=in | app=c:\users\lala\downloads\facemoods.exe |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{96BE1936-FC98-417E-8478-1F49D11BDD40}" = protocol=6 | dir=in | app=c:\users\lala\downloads\sweetimsetup.exe |
"{96C11CA6-84DB-4D58-B2C8-98F463EBA933}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{9E048D11-D1FF-4089-A213-B02D57F8E049}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B4546160-5C89-446D-B68F-E4F6FD712DA4}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{BBCFAE72-64AF-4060-B4C3-EE4B467F3FE4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{BEBDF9F3-574A-4255-93E7-651FEFBD323D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{CF44D776-3632-42A9-B5ED-A25497E5119F}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D2674DA5-9D53-4388-BD32-717C2AEAB3BD}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{DB134AC3-31B7-4AED-92F8-6E4E80ABCFED}" = protocol=17 | dir=in | app=c:\users\lala\downloads\sweetimsetup.exe |
"{F2D0E040-5B5C-464C-B043-8CDC82FC403C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118721790}" = Happyville - Quest For Utopia
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{BF962E1B-D17A-4713-A100-6531A132D83D}_is1" = Foto-Mosaik-Edda 5.5.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB074E88-3EF6-4DA1-BB05-A6AC105E29BC}" = Pferderennstall
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AMCap" = AMCap
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Happyville - Die Herausforderung Utopia" = Happyville: Die Herausforderung Utopia
"Canon MP250 series Benutzerregistrierung" = Canon MP250 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dream Day First Home_is1" = Dream Day First Home
"DSGPlayer" = RTL GAME CENTER
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EADM" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EOS USB WIA Driver" = EOS USB WIA Driver
"facemoods" = Facemoods Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version
"Genius Biologie" = Genius Biologie (remove only)
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"kikin Plugin (Foto-Mosaik-Edda Edition)" = kikin Plugin (Foto-Mosaik-Edda Edition) 1.11
"LManager" = Launch Manager
"Meine Tierpension 2 Demo" = Meine Tierpension 2 Demo
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PokerStars.net" = PokerStars.net
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Is GMER important too?
It said 'Only for 32-bit systems', but I don't know what that is! Thanks!
Virus - 'TR/Crypt.XPACK.Gen' [trojan]
Yes, please run GMER. You also have a 32-bit operating system.
Virus - 'TR/Crypt.XPACK.Gen' [trojan]
Hm, thanks to GMER my PC has, for the first time in a long while, crashed again with a blue screen and white text. The next 3 times, after a short while I got: The program has stopped working and must be closed. Is GMER absolutely necessary? I'd rather not have everything on my PC get worse again. :/ I can't find any logs in Antivir.
Virus - 'TR/Crypt.XPACK.Gen' [trojan]
Please run a full scan with Malwarebytes as a matter of routine and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well!
