TR/Crypt.ZPACK + TR/Trash.Gen + HTML/Silly.Gen + Trivial-28 (A) Teil 1

McSharp · 26.07.2009, 18:01

Hallo,

ich habe Probleme mit o. g. Trojanern bzw. Viren.
Beim Durchlaufen der Ad-Aware Free Anniversary Edition am 16.07.2009 ist mein AntiVir Personal angesprungen und hat mir den TR/Crypt.ZPACK gemeldet, den ich dann in die Quarantäne gesetzt habe. Am 24.07.2009 wurde mir von AntiVir der TR/Trash.Gen gemeldet, den ich ebenso in die Quarantäne gesetzt habe.
Heute habe ich die Ad-Aware Free Anniversary Edition erneut durchlaufen lassen und da wurde mir von AntiVir der HTML/Silly.Gen und der Trivial-28 (A), die ich auch in die Quarantäne gesetzt habe.
In der Zeit seit dem 16.07.2009 habe ich AntiVir und Malwarebytes mehrmals gestartet, doch haben sich die Programme sehr gerne bei irgendwelchen .tmp-Datein aufgehangen. Zum Beispiel bei: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\set1ED.tmp oder MAR7DE.tmp oder wbk.126.tmp oder STS217.tmp. Weiß jemand woran das liegen könnte?
Jetzt aber zurück zu meinem eigentlichen Problem. Ich würde gerne wissen, ob mein System nachhaltig infiziert ist. Nach diesen ganzen Meldungen habe ich mich entschlossen, mich hier im Board anzumelden, da ich auf eure Hilfe hoffe. Ich habe die Anweisungen Befolgt und die drei genannt Programme durchlaufen lassen mit folgendem Ergebnis:

McSharp · 26.07.2009, 18:03

Logfile of random's system information tool 1.06 (written by random/random)
Run by Stephan Scharf at 2009-07-26 15:52:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 215 GB (90%) free of 238 GB
Total RAM: 1023 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:12, on 26.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Programme\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
C:\Programme\Softwin\BitDefender8\vsserv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Apps\Softex\OmniPass\scureapp.exe
C:\apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
K:\Winamp\winampa.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Programme\Softwin\BitDefender8\bdnagent.exe
C:\Programme\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Messenger\msmsgs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCE.EXE
c:\programme\avira\antivir desktop\avcenter.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Dokumente und Einstellungen\Stephan Scharf\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
K:\Trend Micro\HijackThis\Stephan Scharf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=GE&range=AD&phase=6&key=SEARCH
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [PCMService] "c:\apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wlconfig] "C:\Programme\WLAN Monitor\wlconfig.exe" -autostart
O4 - HKLM\..\Run: [WinampAgent] K:\Winamp\winampa.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender8\bdnagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus D120 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCE.EXE /FU "C:\WINDOWS\TEMP\E_S9D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\ger.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5687/mcfscan.cab
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O23 - Service: AccSys WiFi Component (accsvc) - AccSys GmbH - C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\apps\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Update Service (gupdate1ca0619da663b84) (gupdate1ca0619da663b84) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programme\Softwin\BitDefender8\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12542 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Erweiterte Garantie.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Stephan Scharf.job
C:\WINDOWS\tasks\Registrierungserinnerung 1.job
C:\WINDOWS\tasks\Registrierungserinnerung 2.job
C:\WINDOWS\tasks\Registrierungserinnerung 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43D29D14-460E-4F3A-9037-E60F11EF12F0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2006-07-22 757760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Programme\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll [2006-07-22 757760]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"AzMixerSel"=C:\Programme\Realtek\InstallShield\AzMixerSel.exe [2005-06-08 57344]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-06-29 14720000]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"OmniPass"=C:\Apps\Softex\OmniPass\scureapp.exe [2005-08-12 1859584]
""= []
"PCMService"=c:\apps\Powercinema\PCMService.exe [2006-01-09 143360]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
"OpwareSE2"=C:\Programme\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2006-02-17 180269]
"wlconfig"=C:\Programme\WLAN Monitor\wlconfig.exe [2006-03-06 1347584]
"WinampAgent"=K:\Winamp\winampa.exe [2006-06-09 35328]
"BDMCon"=C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe [2005-11-07 417792]
"BDNewsAgent"=C:\Programme\Softwin\BitDefender8\bdnagent.exe [2005-05-09 8192]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2007-06-29 286720]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"ISTray"=C:\Programme\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Ad-Watch"=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-12 520024]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"EPSON Stylus D120 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCE.EXE [2007-03-12 182272]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll [2005-08-12 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=5F000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\Ahead\SIPPS\SIPPS.exe"="%ProgramFiles%\Ahead\SIPPS\SIPPS.exe:*:Enabled:SIPPS"
"%ProgramFiles%\sipgate X-Lite\sipgateXLite.exe"="%ProgramFiles%\sipgate X-Lite\sipgateXLite.exe:*:Enabled:sipgateXLite"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Programme\Yahoo!\Messenger\YServer.exe"="C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\Condition Zero\czero.exe"="D:\Condition Zero\czero.exe:*

isabled:Condition Zero Launcher"
"D:\Spiele\Defcon\defcon.exe"="D:\Spiele\Defcon\defcon.exe:*:Enabled

efcon"
"D:\Spiele\SimCity 3000 Deutschland\Apps\Updater\UPDATER.EXE"="D:\Spiele\SimCity 3000 Deutschland\Apps\Updater\UPDATER.EXE:*

isabled:SC3UpdaterMFC"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe"="C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"D:\Spiele\Age of Empires III\age3.exe"="D:\Spiele\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"D:\Spiele\A1602-PC-Backup\anno\1602.EXE"="D:\Spiele\A1602-PC-Backup\anno\1602.EXE:*:Enabled:1602"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"D:\Spiele\Grabenkrieg in Europa\unins000.exe"="D:\Spiele\Grabenkrieg in Europa\unins000.exe:*:Enabled: World War I - Grabenkrieg in Europa entfernen"
"D:\Spiele\Empire Earth II\EE2.exe"="D:\Spiele\Empire Earth II\EE2.exe:*:Enabled:Empire Earth II"
"D:\Spiele\PANZERS - Phase2\Run\Panzers_Phase_2.exe"="D:\Spiele\PANZERS - Phase2\Run\Panzers_Phase_2.exe:*:Enabled:Codename Panzers Phase 2"
"D:\Spiele\PANZERS - Phase1\Run\Panzers.exe"="D:\Spiele\PANZERS - Phase1\Run\Panzers.exe:*:Enabled:-"
"D:\Spiele\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="D:\Spiele\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"D:\Spiele\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD"="D:\Spiele\Microsoft Games\Age of Empires II\age2_x1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
"D:\Spiele\Anno 1602\1602.EXE"="D:\Spiele\Anno 1602\1602.EXE:*:Enabled:1602"
"D:\GameSpy Arcade\Aphex.exe"="D:\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\Spiele\Sudden Strike II\game\code\Release\game_exe.exe"="D:\Spiele\Sudden Strike II\game\code\Release\game_exe.exe:*:Enabled:Game_Exe"
"C:\Programme\Hamachi\hamachi.exe"="C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\WINDOWS\temp\KD_installer.exe"="C:\WINDOWS\temp\KD_installer.exe:*:Enabled:Kabel Deutschland Installer"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"D:\Spiele\Knights Of Honor\KoH.exe"="D:\Spiele\Knights Of Honor\KoH.exe:*:Enabled:KoH"
"D:\Spiele\Age of Empire III\age3.exe"="D:\Spiele\Age of Empire III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Programme\VideoLAN\VLC\vlc.exe"="C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Spiele\Sid Meier's Civilization IV Colonization\Colonization.exe"="D:\Spiele\Sid Meier's Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization"
"D:\Spiele\Sudden Strike II\MultiModSwitcher.exe"="D:\Spiele\Sudden Strike II\MultiModSwitcher.exe:*:Enabled:MultiModSwitcher"
"C:\Programme\BitTornado\btdownloadgui.exe"="C:\Programme\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"D:\Spiele\Call of Duty 2\CoD2MP_s.exe"="D:\Spiele\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\AOL 9.0\waol.exe"="C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"C:\Programme\MSN Messenger\msncall.exe"="C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a437320-1085-11de-bdde-00038a000015}]
shell\AutoRun\command - Menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2fd5d8-567d-11de-be5e-00038a000015}]
shell\AutoRun\command - M:\Toshiba\more4you.exe

McSharp · 26.07.2009, 18:04

======List of files/folders created in the last 1 months======

2009-07-26 15:52:07 ----D---- C:\rsit
2009-07-26 14:32:39 ----D---- C:\Programme\CCleaner
2009-07-25 10:21:33 ----D---- C:\WINDOWS\McAfee.com
2009-07-17 13:03:30 ----D---- C:\WINDOWS\ie8updates
2009-07-17 12:52:19 ----D---- C:\WINDOWS\Prefetch
2009-07-17 12:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-17 12:47:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-17 12:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-17 12:46:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-17 12:45:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-17 12:45:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-17 12:44:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-17 12:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-17 12:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-07-17 12:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-17 12:42:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-17 12:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-17 12:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-07-17 12:41:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-07-17 12:40:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-17 12:39:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-17 12:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-17 12:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-17 12:38:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-17 12:37:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-07-17 12:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-17 12:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-17 12:36:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-17 12:35:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-17 12:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-07-17 12:34:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-17 12:34:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-07-17 12:33:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-17 12:32:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-17 12:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-17 12:31:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-17 12:31:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-07-17 12:30:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-17 12:28:07 ----A---- C:\WINDOWS\000001_.tmp
2009-07-17 12:10:24 ----HDC---- C:\WINDOWS\ie8
2009-07-17 11:50:44 ----D---- C:\WINDOWS\WBEM
2009-07-17 11:47:53 ----D---- C:\WINDOWS\system32\en-US
2009-07-17 11:44:55 ----D---- C:\d853e3f54cc527d565
2009-07-17 00:45:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-07-17 00:45:03 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-07-17 00:03:15 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
2009-07-16 22:33:05 ----D---- C:\Dokumente und Einstellungen\Stephan Scharf\Anwendungsdaten\Malwarebytes
2009-07-16 22:32:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-16 15:32:07 ----D---- C:\Programme\NortonInstaller
2009-07-16 15:32:07 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
2009-07-14 22:34:51 ----D---- C:\Programme\Avira
2009-07-14 22:34:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-07-14 22:27:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-14 22:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-14 22:27:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-14 22:27:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-14 22:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 19:31:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-14 18:35:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_1$
2009-07-14 18:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-07-14 18:35:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_1$
2009-07-14 18:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_1$
2009-07-14 18:34:43 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-07-14 18:34:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_1$
2009-07-14 18:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_1$
2009-07-14 18:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_1$
2009-07-14 18:33:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-07-14 18:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_1$
2009-07-14 18:33:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_1$
2009-07-14 18:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_1$
2009-07-14 18:32:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_1$
2009-07-14 18:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_1$
2009-07-14 18:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-07-14 18:32:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_1$
2009-07-14 18:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_1$
2009-07-14 18:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_1$
2009-07-14 18:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_1$
2009-07-14 18:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_1$
2009-07-14 18:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_1$
2009-07-14 18:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-07-14 18:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_1$
2009-07-14 18:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_1$
2009-07-14 18:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_1$
2009-07-14 18:29:37 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-07-14 18:29:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_1$
2009-07-14 18:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_1$
2009-07-14 18:28:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_1$
2009-07-14 18:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_1$
2009-07-14 18:28:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_1$
2009-07-14 18:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_1$
2009-07-14 18:28:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_1$
2009-07-14 18:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_1$
2009-07-14 18:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_1$
2009-07-14 18:27:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_1$
2009-07-14 18:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-07-14 18:26:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_1$
2009-07-14 18:26:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_1$
2009-07-14 18:26:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_1$
2009-07-14 18:22:20 ----D---- C:\WINDOWS\system32\de-de
2009-07-14 18:22:18 ----D---- C:\WINDOWS\l2schemas
2009-07-14 18:22:17 ----D---- C:\WINDOWS\system32\de
2009-07-14 18:22:17 ----D---- C:\WINDOWS\system32\bits
2009-07-14 18:18:30 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-14 18:15:24 ----D---- C:\WINDOWS\network diagnostic
2009-07-14 18:10:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-14 18:08:10 ----D---- C:\WINDOWS\EHome
2009-07-14 17:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

======List of files/folders modified in the last 1 months======

2009-07-26 15:48:41 ----D---- C:\Programme\Mozilla Firefox
2009-07-26 15:47:23 ----D---- C:\WINDOWS
2009-07-26 15:44:53 ----D---- C:\WINDOWS\Temp
2009-07-26 15:08:34 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-07-26 14:58:10 ----SD---- C:\WINDOWS\Tasks
2009-07-26 14:55:42 ----D---- C:\WINDOWS\Minidump
2009-07-26 14:55:42 ----D---- C:\WINDOWS\Debug
2009-07-26 14:48:24 ----D---- C:\WINDOWS\system32\Lang
2009-07-26 14:48:22 ----AD---- C:\WINDOWS\system32
2009-07-26 14:48:20 ----D---- C:\Programme\WLAN Monitor
2009-07-26 14:47:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-26 14:46:53 ----D---- C:\WINDOWS\system32\drivers
2009-07-26 14:32:39 ----RD---- C:\Programme
2009-07-26 12:36:49 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-26 11:41:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2009-07-25 10:21:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-25 10:21:32 ----HD---- C:\WINDOWS\inf
2009-07-24 23:53:05 ----HD---- C:\Programme\InstallShield Installation Information
2009-07-24 21:25:43 ----A---- C:\WINDOWS\system32\pdfmona.dll
2009-07-24 21:25:43 ----A---- C:\WINDOWS\system32\pdfmon.dll
2009-07-24 11:38:26 ----D---- C:\Programme\Spyware Doctor
2009-07-17 13:21:29 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-17 13:21:26 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-17 13:10:20 ----D---- C:\WINDOWS\Help
2009-07-17 13:10:20 ----D---- C:\Programme\Internet Explorer
2009-07-17 13:03:56 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-17 12:36:09 ----D---- C:\WINDOWS\security
2009-07-17 12:32:00 ----D---- C:\Programme\Messenger
2009-07-17 12:29:04 ----D---- C:\WINDOWS\system32\oobe
2009-07-17 12:28:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-17 12:11:19 ----D---- C:\WINDOWS\Media
2009-07-17 11:50:58 ----D---- C:\WINDOWS\system32\config
2009-07-16 17:31:21 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared
2009-07-16 17:31:04 ----D---- C:\Programme\Norton Security Scan
2009-07-16 15:39:10 ----SHD---- C:\WINDOWS\Installer
2009-07-16 15:33:26 ----HD---- C:\Config.Msi
2009-07-16 15:32:18 ----D---- C:\Programme\Google
2009-07-14 22:34:01 ----D---- C:\WINDOWS\WinSxS
2009-07-14 22:33:47 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-07-14 18:43:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-14 18:41:14 ----D---- C:\WINDOWS\AppPatch
2009-07-14 18:41:13 ----D---- C:\WINDOWS\system32\wbem
2009-07-14 18:41:13 ----D---- C:\WINDOWS\system32\Setup
2009-07-14 18:41:12 ----RSD---- C:\WINDOWS\Fonts
2009-07-14 18:22:39 ----D---- C:\WINDOWS\ime
2009-07-14 18:22:20 ----D---- C:\WINDOWS\system32\usmt
2009-07-14 18:22:17 ----D---- C:\WINDOWS\PeerNet
2009-07-14 18:22:16 ----D---- C:\Programme\Movie Maker
2009-07-14 18:18:22 ----D---- C:\WINDOWS\system32\Restore
2009-07-14 18:18:22 ----D---- C:\WINDOWS\system32\npp
2009-07-14 18:18:19 ----D---- C:\WINDOWS\msagent
2009-07-14 18:18:17 ----D---- C:\WINDOWS\srchasst
2009-07-14 18:18:12 ----D---- C:\Programme\NetMeeting
2009-07-14 18:18:11 ----D---- C:\WINDOWS\system32\Com
2009-07-14 18:18:08 ----D---- C:\Programme\Windows Media Player
2009-07-14 18:18:07 ----D---- C:\Programme\Windows NT
2009-07-14 18:18:07 ----D---- C:\Programme\Outlook Express
2009-07-14 18:18:03 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-07-14 18:17:41 ----D---- C:\WINDOWS\system
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-10-22 311680]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-05 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-05 81288]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-10-22 119168]
R1 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2005-12-27 50176]
R1 SSHDRV62;SSHDRV62; \??\C:\WINDOWS\system32\drivers\SSHDRV62.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2006-07-04 165376]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-07-04 18048]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2006-03-06 32512]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BDFsDrv;BDFsDrv; \??\C:\Programme\Softwin\BitDefender8\bdfsdrv.sys []
R3 BDRsDrv;BDRsDrv; \??\C:\Programme\Softwin\BitDefender8\bdrsdrv.sys []
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-10-22 27264]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-05-15 25280]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-29 3173888]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 AEXPAM;Philips SmartManage Service; C:\WINDOWS\System32\Drivers\aexpamdrv.sys [2004-09-01 21824]
S3 bfastfao;bfastfao; \??\C:\DOKUME~1\STEPHA~1\LOKALE~1\Temp\bfastfao.sys []
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth-Modemkommunikationstreiber; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-22 27136]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOKUME~1\STEPHA~1\LOKALE~1\Temp\sony_ssm.sys []
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(ZyXEL);ZyAIR G-220 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyXEL); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-08-03 237568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accsvc;AccSys WiFi Component; C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe [2006-01-11 147456]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 AOL ACS;AOL Connectivity Service; C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe [2004-11-09 1140312]
R2 bdss;BitDefender Scan Server; C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe [2005-01-24 69632]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe [2006-01-09 266338]
R2 CLSched;CyberLink Task Scheduler (CTS); c:\apps\Powercinema\Kernel\TV\CLSched.exe [2006-01-09 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe [2006-01-09 1073152]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; c:\APPS\HIDSERVICE\HIDSERVICE.exe [2005-01-07 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 omniserv;Softex OmniPass Service; C:\Apps\Softex\OmniPass\Omniserv.exe [2005-08-12 32768]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-03-14 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-03-14 189768]
R2 RoxWatch;Roxio Hard Drive Watcher; C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-12-23 155648]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Programme\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Programme\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2006-08-08 217088]
R2 VSSERV;BitDefender Virus Shield; C:\Programme\Softwin\BitDefender8\vsserv.exe [2006-06-02 90112]
R2 XCOMM;BitDefender Communicator; C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe [2005-06-02 69632]
R3 RoxMediaDB;RoxMediaDB; C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-12-23 864256]
S2 gupdate1ca0619da663b84;Google Update Service (gupdate1ca0619da663b84); C:\Programme\Google\Update\GoogleUpdate.exe [2009-07-16 133104]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-07-12 1029456]
S2 RoxLiveShare;LiveShare P2P Server; C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-12-23 233472]
S2 RoxUpnpServer;RoxUpnpServer; C:\Programme\Roxio\WinOnCD 8\Digital Home\RoxUpnpServer.exe [2005-12-27 409600]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxUPnPRenderer;RoxUpnpRenderer; C:\Programme\Gemeinsame Dateien\Roxio Shared\SharedCom\RoxUpnpRenderer.exe [2005-12-27 45056]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Die genannten Trojaner bzw. Viren sind nach dem Durchlaufen der Programme nicht mehr in der Quarantäne von AntiVir zu finden. Ich gehe davon aus, dass der CCleaner diese wohl gelöscht hat. Ist das so?

Schon mal vielen Dank für eure Hilfe!

Grüße
McSharp

TR/Crypt.ZPACK + TR/Trash.Gen + HTML/Silly.Gen + Trivial-28 (A) Teil 1

Log-Analyse und Auswertung: TR/Crypt.ZPACK + TR/Trash.Gen + HTML/Silly.Gen + Trivial-28 (A) Teil 1