Log analysis and evaluation: TR/Crypt.XPAC.Gen - After every reboot

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#3
TR/Crypt.XPAC.Gen - After every reboot

Hi cosinus, thanks already for your help!

Full scan by Malwarebytes:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4220
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
21.06.2010 16:54:43
mbam-log-2010-06-21 (16-54-43).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 170590
Laufzeit: 38 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ER4ZIV0T\wcap[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Code:
OTL logfile created on: 21.06.2010 16:56:15 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
479,00 Mb Total Physical Memory | 170,00 Mb Available Physical Memory | 36,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35,90 Gb Total Space | 23,21 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
Drive D: | 36,17 Gb Total Space | 36,15 Gb Free Space | 99,93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BENQ
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (GT72NDISIPXP) -- C:\WINDOWS\system32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\WINDOWS\system32\drivers\gt72ubus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\WINDOWS\system32\drivers\gtptser.sys (Option N.V.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (ASNDIS5) -- C:\WINDOWS\system32\asndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SCUSBHW) -- C:\WINDOWS\system32\drivers\SCUSB.SYS ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.benq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.0.0.253:3182
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "h**p://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.14 20:53:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.06 11:20:32 | 000,000,000 | ---D | M]
[2008.08.14 18:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2008.08.14 18:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2010.06.21 15:36:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7v88eylo.default\extensions
[2010.06.10 12:24:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7v88eylo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.21 15:36:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\7v88eylo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.08.14 15:53:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.03.25 08:10:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.25 08:10:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.25 08:10:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.25 08:10:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.25 08:10:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2008.07.28 14:02:53 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169642808343 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32 uprd.zrf) - C:\WINDOWS\System32\uprd.zrf ()
O20 - HKLM Winlogon: Shell - (jmihxr3) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{87e8d2b8-0d5a-11de-85a9-0017c4010aea}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{b207234c-c870-11dd-84db-0017c4010aea}\Shell - "" = AutoRun
O33 - MountPoints2\{b207234c-c870-11dd-84db-0017c4010aea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b207234c-c870-11dd-84db-0017c4010aea}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.06.21 15:58:35 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.21 15:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2010.06.21 15:45:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation
[2010.06.21 15:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.06.21 15:44:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.21 15:44:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.21 15:44:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.21 15:44:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.21 15:38:22 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.06.21 15:29:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.21 15:26:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\QuickScan
[2010.06.09 20:13:28 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.06.06 12:13:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010.06.06 12:13:37 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010.06.06 11:22:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer
[2010.06.06 11:21:50 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010.06.06 11:21:02 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.06.06 11:20:52 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.06.06 11:20:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.06 11:19:58 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.06.06 11:19:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.06.06 11:19:44 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.06.06 11:19:28 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010.06.06 11:19:09 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.06.06 11:18:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.06.06 11:18:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010.06.03 11:55:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.21 16:55:07 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\jxjt.sys
[2010.06.21 16:04:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.21 16:03:27 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.06.21 16:03:27 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.06.21 16:03:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.21 16:03:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.21 16:03:05 | 501,919,744 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.21 16:01:59 | 006,815,744 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.06.21 16:01:59 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.06.21 16:01:49 | 004,822,146 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.20 18:28:13 | 000,008,042 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Treppenpodest.pdf
[2010.06.20 17:32:34 | 000,002,528 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2010.06.20 17:01:05 | 000,000,606 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.20 17:01:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.20 17:01:05 | 000,000,193 | RHS- | M] () -- C:\boot.ini
[2010.06.18 09:44:13 | 000,044,534 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[2010.06.17 21:36:10 | 000,003,974 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[2010.06.17 14:24:41 | 000,005,617 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\PXXX.pdf
[2010.06.17 11:23:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\uprd.zrf
[2010.06.16 19:35:00 | 000,074,752 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX
[2010.06.16 08:29:58 | 000,011,740 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[2010.06.10 18:32:04 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.10 18:07:21 | 001,039,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.10 18:07:21 | 000,464,418 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.10 18:07:21 | 000,445,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.10 18:07:21 | 000,086,604 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.10 18:07:21 | 000,072,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.10 14:59:14 | 000,127,488 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.08 12:24:19 | 000,053,248 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\XXX.doc
[2010.06.08 11:28:24 | 051,103,744 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.07 12:19:51 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.06 17:53:40 | 017,626,624 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.06 17:04:38 | 020,470,784 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.05 13:12:46 | 017,626,112 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.05 12:22:58 | 000,000,587 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit XXX.lnk
[2010.06.04 13:28:32 | 000,115,593 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXXn.pdf
[2010.06.01 17:35:34 | 000,196,769 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[2010.05.27 11:18:37 | 000,043,835 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.21 16:55:07 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\jxjt.sys
[2010.06.20 18:28:13 | 000,008,042 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[2010.06.20 17:32:34 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\$_hpcst$.hpc
[2010.06.20 17:32:10 | 501,919,744 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.18 09:44:12 | 000,044,534 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienXXX.pdf
[2010.06.17 21:36:09 | 000,003,974 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXXy.pdf
[2010.06.17 14:24:40 | 000,005,617 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[2010.06.17 11:23:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\uprd.zrf
[2010.06.16 19:35:00 | 000,074,752 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\NXXX
[2010.06.16 08:29:57 | 000,011,740 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXXk.pdf
[2010.06.10 14:59:14 | 000,127,488 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\BXXX.doc
[2010.06.08 12:24:19 | 000,053,248 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\XXX..doc
[2010.06.07 12:19:51 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.06 17:53:39 | 017,626,624 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.06 16:57:38 | 020,470,784 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.06 16:35:12 | 003,444,348 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\XXXy.jpg
[2010.06.06 16:35:12 | 000,658,116 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5684.JPG
[2010.06.06 16:35:12 | 000,412,146 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_6984.JPG
[2010.06.06 16:35:12 | 000,047,680 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\DSC_0134.JPG
[2010.06.06 14:47:41 | 051,103,744 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.06.05 12:22:58 | 000,000,587 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Verknüpfung mit XXX.lnk
[2010.06.04 13:28:31 | 000,115,593 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[2010.06.01 17:35:33 | 000,196,769 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[2010.05.27 14:47:09 | 017,626,112 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.doc
[2010.05.27 11:18:36 | 000,043,835 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\XXX.pdf
[2008.07.24 21:57:33 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007.12.04 16:11:09 | 000,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.11.29 18:47:26 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.04.05 20:57:04 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\hpgt34.dll
[2007.02.26 21:08:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.01.30 18:05:54 | 000,175,900 | ---- | C] () -- C:\WINDOWS\System32\drivers\SCUSB.SYS
[2007.01.30 18:05:54 | 000,175,804 | ---- | C] () -- C:\WINDOWS\System32\drivers\SESCUSB.SYS
[2007.01.24 20:41:05 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS53.DLL
[2006.05.17 08:33:41 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.05.17 08:33:41 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.05.17 08:33:40 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.05.17 08:33:38 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.05.17 08:33:34 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.04.23 01:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006.01.01 19:41:31 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006.01.01 18:58:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.01.01 02:35:05 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1980.01.01 01:00:00 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
< End of report >
Code:
OTL Extras logfile created on: 21.06.2010 16:56:15 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
479,00 Mb Total Physical Memory | 170,00 Mb Available Physical Memory | 36,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35,90 Gb Total Space | 23,21 Gb Free Space | 64,66% Space Free | Partition Type: NTFS
Drive D: | 36,17 Gb Total Space | 36,15 Gb Free Space | 99,93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BENQ
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE3A33F-150B-4F75-9377-FD9DD7D15B18}" = USB Reader (SC3SE)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{ABA94597-8E75-4C53-A6CB-0E49C62F29DA}" = Interstil
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D373ABA1-34FD-4FE5-85BE-58D0ED01D4C9}" = Application Suite
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EditNumbers_is1" = EditNumbers 3.0.9
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{ABA94597-8E75-4C53-A6CB-0E49C62F29DA}" = Interstil
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ScanToPDF" = ScanToPDF 3.2.0
"STANDARD" = Microsoft Office Standard 2007
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.06.2010 17:30:35 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1969
Error - 17.06.2010 17:30:37 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.06.2010 17:30:37 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3953
Error - 17.06.2010 17:30:37 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3953
Error - 17.06.2010 17:30:39 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.06.2010 17:30:39 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6031
Error - 17.06.2010 17:30:39 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6031
Error - 21.06.2010 07:37:38 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 21.06.2010 07:37:38 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2047
Error - 21.06.2010 07:37:38 | Computer Name = BENQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2047
[ OSession Events ]
Error - 25.09.2009 03:00:11 | Computer Name = BENQ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 21.06.2010 10:12:15 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 21.06.2010 10:12:15 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 21.06.2010 10:12:15 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 21.06.2010 10:12:15 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 21.06.2010 10:12:15 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 21.06.2010 10:12:15 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 21.06.2010 10:12:15 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 21.06.2010 10:12:15 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 21.06.2010 10:12:15 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 21.06.2010 10:12:16 | Computer Name = BENQ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
< End of report >
Edited by stadtaffe (21.06.2010 at 16:48)