| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.10.2011, 22:10
| #9 |
| |  TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam Hi, hier sind die Logfiles: OTL Logfile: Code:
ATTFilter OTL logfile created on: 19.10.2011 21:52:40 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hobbit\Downloads 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,09% Memory free 7,99 Gb Paging File | 6,70 Gb Available in Paging File | 83,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 766,79 Gb Free Space | 82,33% Space Free | Partition Type: NTFS Computer Name: HOBBIT-PC | User Name: Hobbit | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hobbit\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (lkbdhlpr) -- C:\Windows\SysWOW64\drivers\lkbdhlpr.sys (Logitech Inc. ) DRV - (i8042prt) -- C:\Windows\SysWOW64\drivers\L8042prt.sys (Logitech) DRV - (LSERMOUS) -- C:\Windows\SysWOW64\drivers\Lsermous.sys (Logitech) DRV - (lmoufltr) -- C:\Windows\SysWOW64\drivers\Lmoufltr.sys (Logitech) DRV - (lkbdfltr) -- C:\Windows\SysWOW64\drivers\Lkbdfltr.sys (Logitech) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0f369707-379f-46df-a5c5-d04390f3459b} - SOFTWARE\Classes\CLSID\{0f369707-379f-46df-a5c5-d04390f3459b}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 B8 C8 5C 35 67 CB 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1 FF - prefs.js..extensions.enabledItems: {0f369707-379f-46df-a5c5-d04390f3459b}:3.3.2.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.12 19:27:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.01 14:52:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.10.09 17:31:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.01 14:52:05 | 000,000,000 | ---D | M] [2010.10.09 17:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hobbit\AppData\Roaming\mozilla\Extensions [2010.10.09 17:31:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hobbit\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.28 12:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hobbit\AppData\Roaming\mozilla\Firefox\Profiles\g4d62m6f.default\extensions [2011.09.28 12:38:31 | 000,000,000 | ---D | M] (Funload.de Community Toolbar) -- C:\Users\Hobbit\AppData\Roaming\mozilla\Firefox\Profiles\g4d62m6f.default\extensions\{0f369707-379f-46df-a5c5-d04390f3459b} [2011.08.01 23:41:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hobbit\AppData\Roaming\mozilla\Firefox\Profiles\g4d62m6f.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.09.28 12:38:32 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Hobbit\AppData\Roaming\mozilla\Firefox\Profiles\g4d62m6f.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.01.31 18:47:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hobbit\AppData\Roaming\mozilla\Firefox\Profiles\g4d62m6f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.28 15:57:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Hobbit\AppData\Roaming\mozilla\Firefox\Profiles\g4d62m6f.default\extensions\engine@conduit.com [2011.01.31 19:24:50 | 000,000,873 | ---- | M] () -- C:\Users\Hobbit\AppData\Roaming\Mozilla\Firefox\Profiles\g4d62m6f.default\searchplugins\conduit.xml [2011.06.25 16:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.02.08 21:38:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.10.09 17:23:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.15 13:54:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.02.03 21:00:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.03.11 12:30:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.25 16:44:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.09.12 19:27:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.12 19:27:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.12 19:27:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.12 19:27:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.12 19:27:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.12 19:27:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.12 19:27:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2011.10.16 23:00:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Funload.de Toolbar) - {0f369707-379f-46df-a5c5-d04390f3459b} - C:\Program Files (x86)\Funload.de\tbFunl.dll File not found O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Funload.de Toolbar) - {0f369707-379f-46df-a5c5-d04390f3459b} - C:\Program Files (x86)\Funload.de\tbFunl.dll File not found O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EM_EXEC] C:\PROGRA~2\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE (Logitech Inc. ) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [zBrowser Launcher] C:\PROGRA~2\Logitech\iTouch\iTouch.exe (Logitech, Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hobbit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hobbit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E290FCE-6D70-4506-AE46-64220D610462}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.10.17 21:04:46 | 000,000,000 | ---D | C] -- C:\Users\Hobbit\AppData\Roaming\Malwarebytes [2011.10.17 21:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.17 21:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.17 21:03:51 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.10.17 21:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.10.17 20:58:20 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.10.17 20:58:20 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.10.17 20:58:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2011.10.17 20:58:20 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.10.17 20:58:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.10.17 20:58:12 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2011.10.17 20:58:12 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2011.10.17 20:58:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2011.10.17 20:58:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2011.10.17 20:58:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2011.10.17 20:58:11 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.10.17 20:58:11 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.10.16 23:00:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.10.16 20:19:41 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.10.16 17:58:15 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.10.12 19:32:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.10.12 19:32:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.10.12 19:32:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.10.12 19:32:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.10.12 19:32:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.10.12 19:26:45 | 004,255,709 | R--- | C] (Swearware) -- C:\Users\Hobbit\Desktop\ComboFix.exe [2011.10.01 14:40:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.09.27 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\Hobbit\Documents\winf1821 [2011.09.20 16:38:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\W-Sem-Chaos [1 C:\Users\Hobbit\AppData\Local\*.tmp files -> C:\Users\Hobbit\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.19 21:58:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.10.19 20:15:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.19 17:58:58 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.10.19 16:39:08 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys [2011.10.18 18:18:34 | 002,745,884 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.18 18:18:34 | 001,226,006 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.18 18:18:34 | 000,778,300 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.18 18:18:34 | 000,688,738 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.18 18:18:34 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.18 03:58:29 | 000,299,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.17 21:04:18 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.17 20:48:20 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.17 20:48:20 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.17 06:46:04 | 000,023,970 | ---- | M] () -- C:\Users\Hobbit\Desktop\A2.odt [2011.10.17 06:41:38 | 000,023,970 | ---- | M] () -- C:\Users\Hobbit\Documents\A1.odt [2011.10.16 23:00:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.10.12 19:26:45 | 004,255,709 | R--- | M] (Swearware) -- C:\Users\Hobbit\Desktop\ComboFix.exe [2011.10.08 00:05:51 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.07 17:23:15 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.10.07 17:22:54 | 000,144,897 | ---- | M] () -- C:\Users\Hobbit\Documents\Fraktale mit Serpinski Dreieck Ähnlichkeit.odt [2011.10.04 17:30:50 | 000,442,053 | ---- | M] () -- C:\Users\Hobbit\Documents\Facharbeit.odt [2011.10.01 14:40:34 | 354,619,346 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Users\Hobbit\AppData\Local\*.tmp files -> C:\Users\Hobbit\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.17 21:04:18 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.17 06:46:04 | 000,023,970 | ---- | C] () -- C:\Users\Hobbit\Desktop\A2.odt [2011.10.17 06:41:38 | 000,023,970 | ---- | C] () -- C:\Users\Hobbit\Documents\A1.odt [2011.10.12 19:32:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011.10.12 19:32:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.10.12 19:32:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.10.12 19:32:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.10.12 19:32:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.10.05 21:02:56 | 000,144,897 | ---- | C] () -- C:\Users\Hobbit\Documents\Fraktale mit Serpinski Dreieck Ähnlichkeit.odt [2011.10.01 14:40:34 | 354,619,346 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.09.02 01:09:33 | 000,000,000 | ---- | C] () -- C:\Users\Hobbit\AppData\Local\{46C64DC0-BE06-4046-8D67-0D545B5B86EF} [2011.09.02 01:08:35 | 000,000,000 | ---- | C] () -- C:\Users\Hobbit\AppData\Local\{C98F42BB-868D-4059-82E8-8EB4F1D7FE48} [2011.02.08 21:43:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.05 16:11:09 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.01.05 16:11:08 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.01.05 16:11:08 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.01.02 13:27:00 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.01.02 13:26:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.01.02 13:26:57 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2010.11.08 19:45:02 | 000,103,424 | ---- | C] () -- C:\Windows\SysWow64\LGUICOM.DLL [2010.11.08 19:45:02 | 000,000,518 | ---- | C] () -- C:\Windows\Cmousecc.ini [2010.10.19 18:11:26 | 000,000,415 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 19.10.2011 21:52:40 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Hobbit\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,09% Memory free
7,99 Gb Paging File | 6,70 Gb Available in Paging File | 83,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 766,79 Gb Free Space | 82,33% Space Free | Partition Type: NTFS
Computer Name: HOBBIT-PC | User Name: Hobbit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{98786147-80E3-41A5-A80C-1F3C028558CF}" = Hearts of Iron 2
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{B49C924C-A651-4378-94F6-5D9BF44A959F}" = EE-ZDE
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}" = Armageddon
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F400BA3B-B134-4701-8536-68A99CD44F5A}" = Far Cry (OEM)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Apophysis 2.0" = Apophysis 2.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Company of Heroes" = Company of Heroes
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"dzperl_is1" = DzSoft Perl Editor 5.8.8
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"Funload.de Toolbar" = Funload.de Toolbar
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F400BA3B-B134-4701-8536-68A99CD44F5A}" = Far Cry (OEM)
"Logitech iTouch" = Logitech iTouch-Software
"Logitech MouseWare" = Logitech MouseWare 8.46
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"S4Uninst" = Die Siedler IV
"Siedler3Deinstall" = Siedler3
"TeamViewer 5" = TeamViewer 5
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Ultra Fractal 5.04" = Ultra Fractal 5.04
"Uninstall_is1" = Uninstall 1.0.0.1
"Verteidigung des Auenlandes Mod" = Verteidigung des Auenlandes Mod (remove only)
"Virtuosa" = Virtuosa
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.10.2011 21:11:16 | Computer Name = Hobbit-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 17.10.2011 21:11:16 | Computer Name = Hobbit-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
erste DWORD im Datenbereich.
Error - 17.10.2011 21:11:16 | Computer Name = Hobbit-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 17.10.2011 21:11:16 | Computer Name = Hobbit-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 17.10.2011 21:11:16 | Computer Name = Hobbit-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "MSDTC Bridge 4.0.0.0" (MSDTC Bridge 4.0.0.0). Der Fehlercode ist das
erste DWORD im Datenbereich.
Error - 18.10.2011 11:13:17 | Computer Name = Hobbit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version:
5.1.9290.0, Zeitstempel: 0x4cac5fe7 Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046d5e
ID
des fehlerhaften Prozesses: 0x778 Startzeit der fehlerhaften Anwendung: 0x01cc8d9f164514f5
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: b49ca454-f99b-11e0-b331-1c6f65248fb2
Error - 18.10.2011 12:17:35 | Computer Name = Hobbit-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 18.10.2011 12:17:35 | Computer Name = Hobbit-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 18.10.2011 12:17:35 | Computer Name = Hobbit-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 19.10.2011 15:15:43 | Computer Name = Hobbit-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version:
5.1.9290.0, Zeitstempel: 0x4cac5fe7 Name des fehlerhaften Moduls: ntdll.dll, Version:
6.1.7600.16695, Zeitstempel: 0x4cc7ab86 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046d5e
ID
des fehlerhaften Prozesses: 0xb48 Startzeit der fehlerhaften Anwendung: 0x01cc8e7ff0a53e2f
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: bd2afbc6-fa86-11e0-9705-1c6f65248fb2
[ System Events ]
Error - 19.10.2011 15:15:18 | Computer Name = Hobbit-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 19.10.2011 15:15:21 | Computer Name = Hobbit-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 19.10.2011 15:15:24 | Computer Name = Hobbit-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 19.10.2011 15:15:27 | Computer Name = Hobbit-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 19.10.2011 15:15:30 | Computer Name = Hobbit-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 19.10.2011 15:15:33 | Computer Name = Hobbit-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 19.10.2011 15:15:36 | Computer Name = Hobbit-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 19.10.2011 15:15:39 | Computer Name = Hobbit-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 19.10.2011 15:15:42 | Computer Name = Hobbit-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
Error - 19.10.2011 15:15:44 | Computer Name = Hobbit-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "TeamViewer 5" wurde unerwartet beendet. Dies ist bereits 3
Mal passiert.
< End of report >
|
| Themen zu TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam |
| anmelden, avira, betriebssystem, computer, gebraucht, gelöst, hochfahren, langsam, laptop, löschen, melden, pc extrem langsam, plötzlich, problem, programm, quarantäne, schutz, total, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.zpack.gen, trojaner, virenschutz, windows, windows 7, windows 7 64bit |
Baum-Darstellung