Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.IR.45

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 29.08.2010, 14:04   #1
Hape42
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



Hallo,

Seit gestern meldet der AntiVir Guard dauernd den Trojaner TR/Crypt.IR.45 im windows/temp verzeichnis

Google findet dazu leider (noch) nichts

nach load.exe habe ich erst mal TFC ausgeführt.

Leider hängt sich das nach einiger Zeit auf (Mittlerweile mehr als 5 Stunden keine weitere Ausgabe oder sonstige reaktion). Oder meldet sich nicht mehr zurück.

Soll ich weiter warten, oder mit den beschriebenen Schritten weiter machen?

nach 8 Stunden warten hab ich den Laptop ausgeschaltet. Kam normal wieder hoch
Ich gehe jetzt in der Anweisung weiter:
  • Schritt 2 ist durchgeführt
  • Schritt 3 ist durchgeführt
PHP-Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
 
Datenbank Version: 4495
 
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
 
29.08.2010 17:14:26
mbam-log-2010-08-29 (17-14-26).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136582
Laufzeit: 14 Minute(n), 37 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
C:\Users\***\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully. 
Malewarebytes empfiehlt mir jetzt den Neustart. ich hoffe, wir sehen uns gleich wieder...
  • Schritt 4 Diesen Scan musst Du nur machen wenn sich die Defogger.exe auf dem Desktop befindet !!!
Defogger ist auf dem Desktop!
Das log sieht folgendermaßen aus:
PHP-Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:39 on 29/08/2010 (Hape42)
 
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
 
Checking for services/drivers...
 
 
-=
E.O.F=- 
jetzt steht in Eurer Anleitung:
Wichtig: Klicke nicht auf den Re-Enable Button bevor wir mit der Bereinigung fertig sind!!
öhm, was bedeutet das jetzt für mich?
Auf wen oder was soll ich warten?

hmmmm, irgendwas mache ich hier im Forum falsch

ich locke mal mit Freibier , womöglich antwortet dann jemand

Alt 29.08.2010, 18:42   #2
john.doe
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



Zitat:
irgendwas mache ich hier im Forum falsch
Es gibt hier eine Funktion die nennt sich unbeantwortet. Nur damit sind Leute nicht zu finden, die Monologe führen. Wie wäre es, wenn du dich einfach an die Regeln hältst?

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Klicke doch einfach mal auf Für alle Neuen in meiner Signatur und liefere die fehlenden Logs von OTL nach. Und BTW: Benutze nicht mehr die PHP-Tags, das ist nicht zu entziffern. Das richtige Tag ist #.

ciao, andreas
__________________

__________________

Alt 29.08.2010, 19:11   #3
Hape42
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



Ich hab mich an die Anleitung gehalten, die mit load.exe ausgeliefert wurde. Das hab ich wohl falsch verstanden. Sorry.

Hier die OTL logs:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.08.2010 19:48:29 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Username\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 64,89 Gb Free Space | 55,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,13 Gb Total Space | 85,55 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive F: | 591,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Username-PC
Current User Name: Username
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Username\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Programme\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Programme\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - E:\xampp\xampp-control.exe ()
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Username\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WdiServiceHostAeLookupSvc) -- C:\Windows\System32\apirclw.exe File not found
SRV - (MySql) -- E:\xampp\mysql\bin\mysqld-nt.exe File not found
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (scan) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. hxxp://www.bitdefender.com)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apache2.2) -- e:\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (XAMPP) -- e:\xampp\service.exe ()
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (bdftdif) -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Trufos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (bdfsfltr) -- C:\Windows\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDVEDISK) -- C:\Programme\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=66056
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {F807FACD-E46A-4793-B345-D58CB177673C}:3.5.3
FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 11:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.07.28 14:38:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 10:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 10:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.26 20:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010.06.30 17:54:27 | 000,000,000 | ---D | M]
 
[2010.08.26 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\mozilla\Extensions
[2010.08.26 20:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.29 17:35:31 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.13 10:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}
[2010.03.29 16:49:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2010.02.14 22:44:06 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.07.17 12:46:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.23 20:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.06.28 17:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.03.31 20:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.07.17 12:46:43 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2008.12.17 21:54:26 | 000,002,028 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\FireFox\Profiles\vzev45ly.default\searchplugins\xing---powering-relationships.xml
[2010.06.24 07:22:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.01 10:48:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.04 12:32:23 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.08.01 10:48:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 10:48:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 10:48:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 10:48:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.04.04 10:30:18 | 000,000,757 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [aborange Scheduler] C:\Program Files\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
O4 - HKCU..\Run: [Doapi] C:\Users\Username\AppData\Roaming\Adobe\Update\getapi.exe File not found
O4 - HKCU..\Run: [Getdo]  File not found
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.28 18:29:38 | 000,000,035 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3b8d9000-be0d-11dd-9613-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3b8d9000-be0d-11dd-9613-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LxSetup.exe -- [2010.04.28 18:35:26 | 002,213,232 | R--- | M] (Haufe-Lexware GmbH & Co. KG)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.29 19:12:46 | 000,000,000 | ---D | C] -- C:\Programme\MySQL
[2010.08.29 19:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2010.08.29 16:52:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.29 16:51:16 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.29 08:13:54 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\Desktop 29.8.2010
[2010.08.28 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Roaming\Malwarebytes
[2010.08.28 21:44:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.28 21:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.28 21:44:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.28 21:44:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.28 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\MFTools
[2010.08.28 17:10:18 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.08.28 17:10:18 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.08.12 18:26:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 18:26:06 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 18:26:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 18:26:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 18:26:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 18:26:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 18:26:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 18:26:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 18:26:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 18:26:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 18:26:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 18:26:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 18:26:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 18:26:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 18:26:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 18:25:51 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 18:25:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 18:25:04 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 18:24:19 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 18:24:17 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.02 19:47:05 | 000,000,000 | ---D | C] -- C:\Users\Username\Documents\Lexware
[2010.08.02 19:34:15 | 000,000,000 | ---D | C] -- C:\Programme\Wertpapieranalyse 2011
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.29 19:57:33 | 003,145,728 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT
[2010.08.29 19:22:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 19:22:36 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 17:22:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.29 17:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.29 17:22:32 | 3082,805,248 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.29 17:21:40 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010.08.29 17:21:21 | 000,065,536 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.29 17:21:20 | 000,524,288 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.29 17:21:19 | 002,771,491 | -H-- | M] () -- C:\Users\Username\AppData\Local\IconCache.db
[2010.08.29 16:51:19 | 000,000,738 | ---- | M] () -- C:\Users\Username\Desktop\NTREGOPT.lnk
[2010.08.29 16:51:19 | 000,000,719 | ---- | M] () -- C:\Users\Username\Desktop\ERUNT.lnk
[2010.08.28 21:44:17 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.28 21:42:35 | 000,050,477 | ---- | M] () -- C:\Users\Username\Desktop\defogger.exe
[2010.08.28 21:42:13 | 000,284,915 | ---- | M] () -- C:\Users\Username\Desktop\Gmer.zip
[2010.08.28 21:39:57 | 000,388,197 | ---- | M] () -- C:\Users\Username\Desktop\Load.exe
[2010.08.28 17:10:11 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.08.28 17:10:11 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.08.27 16:04:44 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.27 16:04:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.26 14:45:40 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.08.26 14:40:34 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.08.26 14:40:24 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.08.25 21:23:15 | 000,030,956 | ---- | M] () -- C:\Users\Username\Documents\xxx.xlsx
[2010.08.13 12:06:23 | 000,332,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.02 19:43:29 | 000,000,972 | ---- | M] () -- C:\Users\Username\Desktop\Quicken2011_SP1.htm.lnk
[2010.08.02 19:36:08 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2011.lnk
[2010.08.02 19:27:34 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\ QuickKontoblatt 2011.lnk
[2010.08.02 19:27:34 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\ Quicken DELUXE 2011.lnk
[2010.08.02 19:27:34 | 000,001,019 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2011 Zahlungserinnerung.lnk
 
========== Files Created - No Company Name ==========
 
[2010.08.29 16:51:19 | 000,000,738 | ---- | C] () -- C:\Users\Username\Desktop\NTREGOPT.lnk
[2010.08.29 16:51:19 | 000,000,719 | ---- | C] () -- C:\Users\Username\Desktop\ERUNT.lnk
[2010.08.28 21:44:17 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.28 21:42:35 | 000,050,477 | ---- | C] () -- C:\Users\Username\Desktop\defogger.exe
[2010.08.28 21:42:13 | 000,284,915 | ---- | C] () -- C:\Users\Username\Desktop\Gmer.zip
[2010.08.28 21:39:54 | 000,388,197 | ---- | C] () -- C:\Users\Username\Desktop\Load.exe
[2010.08.02 19:43:29 | 000,000,972 | ---- | C] () -- C:\Users\Username\Desktop\Quicken2011_SP1.htm.lnk
[2010.08.02 19:36:08 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2011.lnk
[2010.08.02 19:27:34 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\ QuickKontoblatt 2011.lnk
[2010.08.02 19:27:34 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\ Quicken DELUXE 2011.lnk
[2010.08.02 19:27:34 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2011 Zahlungserinnerung.lnk
[2010.07.21 07:50:51 | 000,000,025 | ---- | C] () -- C:\Users\Username\AppData\Roaming\bdfvconp.ini
[2010.06.16 19:20:46 | 000,003,492 | ---- | C] () -- C:\Windows\System32\acluie.sys
[2010.01.09 09:56:27 | 000,773,141 | ---- | C] () -- C:\Users\Username\AppData\Roaming\farm.bmp
[2010.01.09 09:48:36 | 000,019,980 | ---- | C] () -- C:\Users\Username\AppData\Roaming\settings.dat
[2009.11.17 17:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.11.17 17:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.11.17 17:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.08.01 00:29:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.18 09:42:44 | 000,221,184 | ---- | C] () -- C:\Windows\System32\TidyATL.dll
[2009.03.21 19:50:48 | 000,029,696 | ---- | C] () -- C:\Users\Username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.14 10:10:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.14 12:19:27 | 003,211,264 | ---- | C] () -- C:\Programme\Common FilesDDBACSetup.msi
[2009.02.14 10:44:32 | 000,000,019 | ---- | C] () -- C:\Windows\LxRegi.INI
[2009.02.14 10:41:54 | 000,048,128 | ---- | C] () -- C:\Windows\System32\V24.DLL
[2009.02.14 10:40:47 | 000,001,562 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009.02.14 10:40:47 | 000,000,185 | ---- | C] () -- C:\Windows\Intuprof.ini
[2009.01.15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2008.12.04 08:13:39 | 000,005,334 | ---- | C] () -- C:\Windows\my.ini.old
[2008.12.04 08:11:46 | 000,005,340 | ---- | C] () -- C:\Windows\my.ini
[2008.11.29 14:34:19 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008.11.29 14:02:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.11.29 14:02:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.11.29 14:02:46 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.11.29 14:02:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.11 16:09:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.08.11 16:09:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.08.11 16:09:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.08.11 16:09:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.08.11 16:09:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.08.11 16:09:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.08.11 16:01:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.11 15:46:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.11 15:00:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2003.10.01 11:50:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2002.03.28 17:19:04 | 000,491,077 | ---- | C] () -- C:\Windows\System32\QCONNECT.DLL
< End of report >
         
--- --- ---


und Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.08.2010 19:48:29 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Username\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 64,89 Gb Free Space | 55,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,13 Gb Total Space | 85,55 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive F: | 591,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Username-PC
Current User Name: Username
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [- Browse with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browse" "%1" (Giorgio Tani)
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8EE98C-C45F-4CD1-BB7A-0457C4C0021F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{1A7EFE42-D7C2-447A-86D3-33A71FD7496E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{22BC3D03-5055-46B7-B598-EF783E1816A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C9495F2-75AC-4E9E-9CDA-0FA77B24B459}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2EE4F37B-CA4B-49C9-9135-C33E48A43EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{32C097F7-6326-4DE2-8A06-C7201D746D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C34AC07-ADA9-43D2-A4B1-4DF7AD453854}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{5904943E-0E32-4A71-BDE1-AAABF1344B3F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{700349DA-9648-429F-BFF9-94F3517E7B06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7483BBC7-BBB0-4800-B582-F8AD32D50F4B}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe | 
"{755CC1E8-9586-4CBF-8028-164549E969E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8171F3A0-1995-40DC-A9B2-8FDFD2662DF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83756895-92DA-427C-8C26-ADBFA3F4B87E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87147A11-BE26-490F-AD4D-FD8A11DD5ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92E2DC94-5EBE-4230-BCB6-7EBDE7C9E078}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B097A1C-08FC-48F8-B431-8508D593CFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD5360F7-CB45-4445-A7B6-ED09FB7434AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B30458C2-8824-475C-86C0-B6101F34BC39}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDB585AE-804B-4690-A3C4-4126D405D3A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1D6C054-CB87-464C-B233-64F702007B4D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D67AA84D-7D70-4E3F-A4F8-CC3F8D90FB66}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D74EAE23-272F-42A7-9F76-93E44C12537D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D9CB0D42-8EF2-4051-A9E5-2F7AD1A1F387}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E50F9AB2-DD67-4886-B25E-ED501C239516}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F71AD95C-0AD2-4003-9264-904E6A3CDD08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F7FB1606-7EA5-40D9-9FE8-32E4F1958CFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FADA6C96-F1BF-4AA8-AA58-CD4995F6899F}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe | 
"TCP Query User{0F855C4D-FE43-4BDA-8FD1-F28006963350}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{30E092CE-32D0-4211-AB70-9ED4F46743B5}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe | 
"TCP Query User{57EDB700-8FFB-4021-BC9F-5BD9420D8C73}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{A0EFD9B3-E27F-4C08-BFBC-CA6EFF97121A}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe | 
"TCP Query User{A166CA11-1F40-42C0-A34A-9D1AF9945C88}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{AAF9E999-C6F7-4A94-90B5-A99C88A49C17}E:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{AC3CCE97-3F57-4B7F-9567-2477E094B771}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{AEA4206A-8202-498B-AB79-5F9EA33D45A5}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"TCP Query User{B0B8CD06-4435-46C1-A4F2-965C91BF0195}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{EED1E3FB-28C0-464D-A03B-52A85DA969F7}E:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\apache.exe | 
"TCP Query User{FB81EE6A-E3E9-4F51-B913-EC6EBD5D5AE9}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | 
"TCP Query User{FC9EDD2F-D038-45AD-A2BA-0D359B2D3C1B}C:\program files\microsoft office\office12\onenote.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"UDP Query User{1B323076-C724-41B6-8BA2-7C452889E3FD}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | 
"UDP Query User{3C3293DE-0DA4-4F9D-8FAC-53D73998C5E7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{3EF0AC22-317C-477C-8426-3944EE7832B0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"UDP Query User{5680A2F2-1716-4E22-B8E7-3CF11E31AD8D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{5CC6D0C0-1054-4A66-B0D8-CAC87DDBB1C6}C:\program files\microsoft office\office12\onenote.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"UDP Query User{6B73C19F-3BCA-4522-B513-EB94BE16D6DE}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe | 
"UDP Query User{734D2871-AB67-4790-A185-3881F8F9B3B6}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{787F0F5D-D4BD-4F49-8658-76A00C46A04E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{7C8BED21-936F-4612-A2C2-4724C06BD8D5}E:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{85AA6A0E-2FBA-410D-9857-55ABD03423F0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{8C490A4A-B41A-4B27-9165-CB44AC69A73B}E:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\apache.exe | 
"UDP Query User{BD516E84-7ED3-4DB3-93A8-9B565F3D4776}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}" = BitDefender Internet Security 2010
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F259B2E-D2C7-486B-8A42-9803FA1527C8}" = Toshiba TEMPRO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3118E461-1976-4F6A-97B4-B655F3AAB263}" = Wertpapieranalyse 2009
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}" = Quicken 2010 - Servicepack 5
"{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010
"{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.4.1
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65C7590F-E02A-4199-A44A-E223775D5447}" = Quicken 2011 - ServicePack 1
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65EFA0CB-4039-43C5-A40B-FD2784C7E05E}" = Easy-wGet
"{66A63F2B-A4EE-44D3-9CE3-6EC269DCB14D}" = Sonocaddie V300a
"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Labor
"{8E77C3B6-6971-44ED-9267-A8E494785607}" = Quicken 2009
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FC83F04-9C3F-429B-92DE-1252235765E4}" = DDBAC
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A13D9E3A-B31D-4E69-8681-EDB7AA02E365}" = Quicken Import Export Server 2011
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B516126E-607A-47BD-8B35-335A76328576}" = Quicken Import Export Server 2009
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C54C7C1F-4015-4217-8F16-8CF993C59793}" = MySQL Server 5.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D901E911-3478-466F-8EA0-0AEE85F22E4B}" = wGet-Installer
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5A24EC1-61AF-4AF4-A103-756359FAC92E}" = Quicken 2009 - ServicePack 3
"{E5FD5CB6-C221-11D5-A2AF-0060971754F8}" = Quicken DELUXE 2003
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F625701A-E55C-47B4-8FC0-52B4FFE306BB}" = Wertpapieranalyse 2011
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7620-0758-4357-2556" = Woopra 1.4
"aborange Scheduler_is1" = aborange Scheduler - Deinstallation
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"BlogDesk_is1" = BlogDesk 2.8
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.2.4.1
"Free Disc Burner_is1" = Free Disc Burner version 1.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken Deluxe 2010
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{8E77C3B6-6971-44ED-9267-A8E494785607}" = Quicken Deluxe 2009
"InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011
"InstallShield_{E5FD5CB6-C221-11D5-A2AF-0060971754F8}" = Quicken 2003
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"myGolfCoach" = myGolfCoach
"myphotobook" = myphotobook 3.6
"nbi-nb-base-6.5.0.0.200811100614" = NetBeans IDE 6.5
"Notepad++" = Notepad++
"Picasa2" = Picasa 2
"SequoiaView" = SequoiaView
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trillian" = Trillian
"TrueMoneyGames" = TrueMoneyGames 6.2
"TrueMoneyGames.de" = TrueMoneyGames.de 5.1
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"UUSEE(ÓÆÊÓÍøÂçµçÊÓ)" = UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5
"Wertpapier-Analyse" = Wertpapier-Analyse
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"xampp" = XAMPP 1.7.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.08.2010 11:14:18 | Computer Name = Username-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.08.2010 13:59:07 | Computer Name = Username-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3855, Zeitstempel
 0x4c48d5ce, fehlerhaftes Modul qscanff.dll, Version 0.9.9.23, Zeitstempel 0x4c03bacc,
 Ausnahmecode 0xc0000417, Fehleroffset 0x0005f9c7,  Prozess-ID 0x8b0, Anwendungsstartzeit
 01cb46c3f29c65ad.
 
Error - 28.08.2010 14:04:33 | Computer Name = Username-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 200  Anfangszeit: 01cb46c38eff255d  Zeitpunkt
 der Beendigung: 0
 
Error - 28.08.2010 14:09:51 | Computer Name = Username-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.08.2010 15:08:30 | Computer Name = Username-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.08.2010 23:20:26 | Computer Name = Username-PC | Source = Google Update | ID = 20
Description = 
 
Error - 29.08.2010 00:18:28 | Computer Name = Username-PC | Source = Google Update | ID = 20
Description = 
 
Error - 29.08.2010 01:59:48 | Computer Name = Username-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung apache.exe, Version 2.2.11.0, Zeitstempel 0x493f5d44,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode
 0xc0000005, Fehleroffset 0x00067580,  Prozess-ID 0x81c, Anwendungsstartzeit 01cb46e448763fde.
 
Error - 29.08.2010 02:10:24 | Computer Name = Username-PC | Source = Application Hang | ID = 1002
Description = Programm TFC.exe, Version 3.1.7.0 arbeitet nicht mehr mit Windows 
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1680  Anfangszeit: 01cb46e98ceedde0  Zeitpunkt der Beendigung:
 31
 
Error - 29.08.2010 02:13:22 | Computer Name = Username-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 15.05.2010 11:20:44 | Computer Name = Username-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 28.08.2010 15:08:31 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.08.2010 18:42:44 | Computer Name = Username-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.08.2010 01:03:23 | Computer Name = Username-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.42 für die Netzwerkkarte mit der Netzwerkadresse
 002163802F7C wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 29.08.2010 01:59:53 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 29.08.2010 02:12:32 | Computer Name = Username-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.08.2010 um 08:10:47 unerwartet heruntergefahren.
 
Error - 29.08.2010 02:13:24 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.08.2010 10:46:44 | Computer Name = Username-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.08.2010 um 16:43:38 unerwartet heruntergefahren.
 
Error - 29.08.2010 10:47:41 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.08.2010 11:23:46 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.08.2010 13:33:43 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 29.08.2010, 19:56   #4
john.doe
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



Boah.

1.) Entscheide dich für ein Antivirenprogramm (egal ob Avira oder Bitdefender). Deinstalliere das andere.

2.) TuneUp ist Müll. Deinstallieren.

3.) Ask-Toolbar und Conduit ist Adware. Deinstallieren.

4.) Die Software (besonders die Sicherheitskritische, wie Java und Adobe Reader) ist veraltet. Hilfe bietet dabei => PSI - Consumer - Products

5.) Schädlinge sind auf den ersten Blick nicht zu erkennen (abgesehen von einigen Regeinträgen). Weitere Scans nur auf Wunsch.

6.) Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
SRV - (WdiServiceHostAeLookupSvc) -- C:\Windows\System32\apirclw.exe File not found
SRV - (MySql) -- E:\xampp\mysql\bin\mysqld-nt.exe File not found | R--- | M] (Realore Studios                                             )
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=66056
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
O4 - HKCU..\Run: [Doapi] C:\Users\Username\AppData\Roaming\Adobe\Update\getapi.exe File not found
O4 - HKCU..\Run: [Getdo]  File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O33 - MountPoints2\{3b8d9000-be0d-11dd-9613-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3b8d9000-be0d-11dd-9613-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LxSetup.exe -- [2010.04.28 18:35:26 | 002,213,232 | R--- | M] (Haufe-Lexware GmbH & Co. KG)
:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

7.) Erstelle und poste neue Logs mit OTL.

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 29.08.2010, 20:55   #5
Hape42
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



Danke für die Tips!

PHP-Code:
Files\Folders moved on Reboot...
File move failedC:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
File move failedC:\Programme\BitDefender\BitDefender 2010\ietoolbar.dll scheduled to be moved on reboot.
File move failedF:\LxSetup.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot... 
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 29.08.2010 21:41:20 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Username\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 66,76 Gb Free Space | 57,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,13 Gb Total Space | 85,55 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive F: | 591,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Username-PC
Current User Name: Username
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Username\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Programme\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Programme\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Programme\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
PRC - C:\Programme\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - E:\xampp\apache\bin\apache.exe (Apache Software Foundation)
PRC - e:\xampp\apache\bin\apache.exe (Apache Software Foundation)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Username\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_66\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (scan) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. hxxp://www.bitdefender.com)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apache2.2) -- e:\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (XAMPP) -- e:\xampp\service.exe ()
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (bdftdif) -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (Trufos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender)
DRV - (bdfsfltr) -- C:\Windows\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BDVEDISK) -- C:\Programme\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: {386869f0-e3f2-11dc-95ff-0800200c9a66}:1.2
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {F807FACD-E46A-4793-B345-D58CB177673C}:3.5.3
FF - prefs.js..extensions.enabledItems: {8F6A6FD9-0619-459f-B9D0-81DE065D4E21}:1.10.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 11:05:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.07.28 14:38:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.01 10:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.01 10:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.26 20:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010.06.30 17:54:27 | 000,000,000 | ---D | M]
 
[2010.08.26 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\mozilla\Extensions
[2010.08.26 20:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.29 21:37:33 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.13 10:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{386869f0-e3f2-11dc-95ff-0800200c9a66}
[2010.03.29 16:49:26 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.06.27 08:30:26 | 000,000,000 | ---D | M] (View Cookies) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{8F6A6FD9-0619-459f-B9D0-81DE065D4E21}
[2010.02.14 22:44:06 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.07.17 12:46:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.23 20:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.06.28 17:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.29 21:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.07.17 12:46:43 | 000,000,000 | ---D | M] (ScribeFire) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\vzev45ly.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2008.12.17 21:54:26 | 000,002,028 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\FireFox\Profiles\vzev45ly.default\searchplugins\xing---powering-relationships.xml
[2010.06.24 07:22:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.01 10:48:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.04 12:32:23 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.08.01 10:48:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 10:48:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 10:48:16 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 10:48:16 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.29 21:21:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [aborange Scheduler] C:\Program Files\aborange Scheduler\aboScheduler.exe (aborange.de - Mathias Gerlach)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.04.28 18:29:38 | 000,000,035 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.29 21:16:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.29 21:12:57 | 000,000,000 | ---D | C] -- C:\Programme\Secunia
[2010.08.29 19:12:46 | 000,000,000 | ---D | C] -- C:\Programme\MySQL
[2010.08.29 19:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2010.08.29 16:52:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.29 16:51:16 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.08.29 08:13:54 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\Desktop 29.8.2010
[2010.08.28 21:44:33 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Roaming\Malwarebytes
[2010.08.28 21:44:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.28 21:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.28 21:44:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.28 21:44:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.28 21:42:00 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\MFTools
[2010.08.28 17:10:18 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.08.28 17:10:18 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.08.12 18:26:06 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 18:26:06 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 18:26:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 18:26:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 18:26:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 18:26:05 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 18:26:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 18:26:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 18:26:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 18:26:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 18:26:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 18:26:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 18:26:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 18:26:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 18:26:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 18:25:51 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 18:25:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 18:25:04 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 18:24:19 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 18:24:17 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.02 19:47:05 | 000,000,000 | ---D | C] -- C:\Users\Username\Documents\Lexware
[2010.08.02 19:34:15 | 000,000,000 | ---D | C] -- C:\Programme\Wertpapieranalyse 2011
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.29 21:41:20 | 003,145,728 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT
[2010.08.29 21:33:25 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 21:33:25 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.29 21:33:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.29 21:33:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.29 21:33:09 | 3082,805,248 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.29 21:21:57 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.08.29 17:21:40 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010.08.29 17:21:21 | 000,065,536 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.29 17:21:20 | 000,524,288 | -HS- | M] () -- C:\Users\Username\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.29 17:21:19 | 002,771,491 | -H-- | M] () -- C:\Users\Username\AppData\Local\IconCache.db
[2010.08.29 16:51:19 | 000,000,738 | ---- | M] () -- C:\Users\Username\Desktop\NTREGOPT.lnk
[2010.08.29 16:51:19 | 000,000,719 | ---- | M] () -- C:\Users\Username\Desktop\ERUNT.lnk
[2010.08.28 21:44:17 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.28 21:42:35 | 000,050,477 | ---- | M] () -- C:\Users\Username\Desktop\defogger.exe
[2010.08.28 21:42:13 | 000,284,915 | ---- | M] () -- C:\Users\Username\Desktop\Gmer.zip
[2010.08.28 21:39:57 | 000,388,197 | ---- | M] () -- C:\Users\Username\Desktop\Load.exe
[2010.08.28 17:10:11 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.08.28 17:10:11 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.08.27 16:04:44 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.27 16:04:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.26 14:45:40 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.08.26 14:40:34 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.08.26 14:40:24 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.08.25 21:23:15 | 000,030,956 | ---- | M] () -- C:\Users\Username\Documents\xxx.xlsx
[2010.08.13 12:06:23 | 000,332,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.02 19:43:29 | 000,000,972 | ---- | M] () -- C:\Users\Username\Desktop\Quicken2011_SP1.htm.lnk
[2010.08.02 19:36:08 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2011.lnk
[2010.08.02 19:27:34 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\ QuickKontoblatt 2011.lnk
[2010.08.02 19:27:34 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\ Quicken DELUXE 2011.lnk
[2010.08.02 19:27:34 | 000,001,019 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2011 Zahlungserinnerung.lnk
 
========== Files Created - No Company Name ==========
 
[2010.08.29 16:51:19 | 000,000,738 | ---- | C] () -- C:\Users\Username\Desktop\NTREGOPT.lnk
[2010.08.29 16:51:19 | 000,000,719 | ---- | C] () -- C:\Users\Username\Desktop\ERUNT.lnk
[2010.08.28 21:44:17 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.28 21:42:35 | 000,050,477 | ---- | C] () -- C:\Users\Username\Desktop\defogger.exe
[2010.08.28 21:42:13 | 000,284,915 | ---- | C] () -- C:\Users\Username\Desktop\Gmer.zip
[2010.08.28 21:39:54 | 000,388,197 | ---- | C] () -- C:\Users\Username\Desktop\Load.exe
[2010.08.02 19:43:29 | 000,000,972 | ---- | C] () -- C:\Users\Username\Desktop\Quicken2011_SP1.htm.lnk
[2010.08.02 19:36:08 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Wertpapieranalyse 2011.lnk
[2010.08.02 19:27:34 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\ QuickKontoblatt 2011.lnk
[2010.08.02 19:27:34 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\ Quicken DELUXE 2011.lnk
[2010.08.02 19:27:34 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2011 Zahlungserinnerung.lnk
[2010.07.21 07:50:51 | 000,000,025 | ---- | C] () -- C:\Users\Username\AppData\Roaming\bdfvconp.ini
[2010.06.16 19:20:46 | 000,003,492 | ---- | C] () -- C:\Windows\System32\acluie.sys
[2010.01.09 09:56:27 | 000,773,141 | ---- | C] () -- C:\Users\Username\AppData\Roaming\farm.bmp
[2010.01.09 09:48:36 | 000,019,980 | ---- | C] () -- C:\Users\Username\AppData\Roaming\settings.dat
[2009.11.17 17:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.11.17 17:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.11.17 17:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.08.01 00:29:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.18 09:42:44 | 000,221,184 | ---- | C] () -- C:\Windows\System32\TidyATL.dll
[2009.03.21 19:50:48 | 000,029,696 | ---- | C] () -- C:\Users\Username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.14 10:10:34 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.14 12:19:27 | 003,211,264 | ---- | C] () -- C:\Programme\Common FilesDDBACSetup.msi
[2009.02.14 10:44:32 | 000,000,019 | ---- | C] () -- C:\Windows\LxRegi.INI
[2009.02.14 10:41:54 | 000,048,128 | ---- | C] () -- C:\Windows\System32\V24.DLL
[2009.02.14 10:40:47 | 000,001,562 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009.02.14 10:40:47 | 000,000,185 | ---- | C] () -- C:\Windows\Intuprof.ini
[2009.01.15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2008.12.04 08:13:39 | 000,005,334 | ---- | C] () -- C:\Windows\my.ini.old
[2008.12.04 08:11:46 | 000,005,340 | ---- | C] () -- C:\Windows\my.ini
[2008.11.29 14:34:19 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008.11.29 14:02:46 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.11.29 14:02:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.11.29 14:02:46 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.11.29 14:02:46 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.08.11 16:09:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.08.11 16:09:58 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.08.11 16:09:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.08.11 16:09:58 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.08.11 16:09:58 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.08.11 16:09:58 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.08.11 16:01:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.08.11 15:46:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008.08.11 15:00:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
[2003.10.01 11:50:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2002.03.28 17:19:04 | 000,491,077 | ---- | C] () -- C:\Windows\System32\QCONNECT.DLL
< End of report >
         
--- --- ---


Alt 29.08.2010, 21:04   #6
john.doe
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



Es fehlt noch Extras.txt, findest du auf deinem Desktop. Bezüglich TuneUp schau doch mal hier:
=> http://www.trojaner-board.de/77902-5...tml#post469682
=> http://www.trojaner-board.de/72761-w...tml#post433943

Komplette Threads:
=> http://www.trojaner-board.de/77902-5...-gefunden.html
=> http://www.trojaner-board.de/72761-w...h-langsam.html

Es gibt noch mehr, bin nur zu faul zum Suchen.

ciao, andreas
__________________
--> TR/Crypt.IR.45

Alt 29.08.2010, 21:09   #7
Hape42
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



oops, nomol sorry

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.08.2010 19:48:29 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\username\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 64,89 Gb Free Space | 55,80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 115,13 Gb Total Space | 85,55 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
Drive F: | 591,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: username-PC
Current User Name: username
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [- Browse with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browse" "%1" (Giorgio Tani)
Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F8EE98C-C45F-4CD1-BB7A-0457C4C0021F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{1A7EFE42-D7C2-447A-86D3-33A71FD7496E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{22BC3D03-5055-46B7-B598-EF783E1816A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C9495F2-75AC-4E9E-9CDA-0FA77B24B459}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2EE4F37B-CA4B-49C9-9135-C33E48A43EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{32C097F7-6326-4DE2-8A06-C7201D746D0A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C34AC07-ADA9-43D2-A4B1-4DF7AD453854}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{5904943E-0E32-4A71-BDE1-AAABF1344B3F}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{700349DA-9648-429F-BFF9-94F3517E7B06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7483BBC7-BBB0-4800-B582-F8AD32D50F4B}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe | 
"{755CC1E8-9586-4CBF-8028-164549E969E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8171F3A0-1995-40DC-A9B2-8FDFD2662DF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83756895-92DA-427C-8C26-ADBFA3F4B87E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87147A11-BE26-490F-AD4D-FD8A11DD5ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92E2DC94-5EBE-4230-BCB6-7EBDE7C9E078}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B097A1C-08FC-48F8-B431-8508D593CFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD5360F7-CB45-4445-A7B6-ED09FB7434AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B30458C2-8824-475C-86C0-B6101F34BC39}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDB585AE-804B-4690-A3C4-4126D405D3A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1D6C054-CB87-464C-B233-64F702007B4D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D67AA84D-7D70-4E3F-A4F8-CC3F8D90FB66}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D74EAE23-272F-42A7-9F76-93E44C12537D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D9CB0D42-8EF2-4051-A9E5-2F7AD1A1F387}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E50F9AB2-DD67-4886-B25E-ED501C239516}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F71AD95C-0AD2-4003-9264-904E6A3CDD08}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F7FB1606-7EA5-40D9-9FE8-32E4F1958CFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FADA6C96-F1BF-4AA8-AA58-CD4995F6899F}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe | 
"TCP Query User{0F855C4D-FE43-4BDA-8FD1-F28006963350}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{30E092CE-32D0-4211-AB70-9ED4F46743B5}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe | 
"TCP Query User{57EDB700-8FFB-4021-BC9F-5BD9420D8C73}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{A0EFD9B3-E27F-4C08-BFBC-CA6EFF97121A}C:\program files\woopra\woopra.exe" = protocol=6 | dir=in | app=c:\program files\woopra\woopra.exe | 
"TCP Query User{A166CA11-1F40-42C0-A34A-9D1AF9945C88}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{AAF9E999-C6F7-4A94-90B5-A99C88A49C17}E:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{AC3CCE97-3F57-4B7F-9567-2477E094B771}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{AEA4206A-8202-498B-AB79-5F9EA33D45A5}C:\program files\uusee\uuseeplayer.exe" = protocol=6 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"TCP Query User{B0B8CD06-4435-46C1-A4F2-965C91BF0195}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{EED1E3FB-28C0-464D-A03B-52A85DA969F7}E:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=e:\xampp\apache\bin\apache.exe | 
"TCP Query User{FB81EE6A-E3E9-4F51-B913-EC6EBD5D5AE9}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | 
"TCP Query User{FC9EDD2F-D038-45AD-A2BA-0D359B2D3C1B}C:\program files\microsoft office\office12\onenote.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"UDP Query User{1B323076-C724-41B6-8BA2-7C452889E3FD}C:\program files\java\jre1.6.0_07\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\java.exe | 
"UDP Query User{3C3293DE-0DA4-4F9D-8FAC-53D73998C5E7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{3EF0AC22-317C-477C-8426-3944EE7832B0}C:\program files\uusee\uuseeplayer.exe" = protocol=17 | dir=in | app=c:\program files\uusee\uuseeplayer.exe | 
"UDP Query User{5680A2F2-1716-4E22-B8E7-3CF11E31AD8D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{5CC6D0C0-1054-4A66-B0D8-CAC87DDBB1C6}C:\program files\microsoft office\office12\onenote.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"UDP Query User{6B73C19F-3BCA-4522-B513-EB94BE16D6DE}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe | 
"UDP Query User{734D2871-AB67-4790-A185-3881F8F9B3B6}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{787F0F5D-D4BD-4F49-8658-76A00C46A04E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{7C8BED21-936F-4612-A2C2-4724C06BD8D5}E:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=e:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{85AA6A0E-2FBA-410D-9857-55ABD03423F0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{8C490A4A-B41A-4B27-9165-CB44AC69A73B}E:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=e:\xampp\apache\bin\apache.exe | 
"UDP Query User{BD516E84-7ED3-4DB3-93A8-9B565F3D4776}C:\program files\woopra\woopra.exe" = protocol=17 | dir=in | app=c:\program files\woopra\woopra.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0DFF6117-CBBC-4F5C-9C57-6936644F10D4}" = BitDefender Internet Security 2010
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1F259B2E-D2C7-486B-8A42-9803FA1527C8}" = Toshiba TEMPRO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3118E461-1976-4F6A-97B4-B655F3AAB263}" = Wertpapieranalyse 2009
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C9E7EA5-9A3F-4C54-9038-EBB4CF25C29D}" = Quicken 2010 - Servicepack 5
"{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken 2010
"{51E4FE53-D6B0-43A0-B98C-7DE233D53EAB}" = Farming Extreme Manager
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.4.1
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65C7590F-E02A-4199-A44A-E223775D5447}" = Quicken 2011 - ServicePack 1
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65EFA0CB-4039-43C5-A40B-FD2784C7E05E}" = Easy-wGet
"{66A63F2B-A4EE-44D3-9CE3-6EC269DCB14D}" = Sonocaddie V300a
"{66E3BA00-6B3D-466B-96FA-6309A7F42BB0}" = Adobe Flash Player 10 ActiveX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC42289-E228-4A35-B8A9-015242283BB2}" = SPORE™ Labor
"{8E77C3B6-6971-44ED-9267-A8E494785607}" = Quicken 2009
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FC83F04-9C3F-429B-92DE-1252235765E4}" = DDBAC
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A13D9E3A-B31D-4E69-8681-EDB7AA02E365}" = Quicken Import Export Server 2011
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B516126E-607A-47BD-8B35-335A76328576}" = Quicken Import Export Server 2009
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C54C7C1F-4015-4217-8F16-8CF993C59793}" = MySQL Server 5.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D901E911-3478-466F-8EA0-0AEE85F22E4B}" = wGet-Installer
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5A24EC1-61AF-4AF4-A103-756359FAC92E}" = Quicken 2009 - ServicePack 3
"{E5FD5CB6-C221-11D5-A2AF-0060971754F8}" = Quicken DELUXE 2003
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F625701A-E55C-47B4-8FC0-52B4FFE306BB}" = Wertpapieranalyse 2011
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7620-0758-4357-2556" = Woopra 1.4
"aborange Scheduler_is1" = aborange Scheduler - Deinstallation
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"BlogDesk_is1" = BlogDesk 2.8
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.2.4.1
"Free Disc Burner_is1" = Free Disc Burner version 1.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4F8AFA74-1562-4980-8B87-8C07E8DE8FAF}" = Quicken Deluxe 2010
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{8E77C3B6-6971-44ED-9267-A8E494785607}" = Quicken Deluxe 2009
"InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011
"InstallShield_{E5FD5CB6-C221-11D5-A2AF-0060971754F8}" = Quicken 2003
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"myGolfCoach" = myGolfCoach
"myphotobook" = myphotobook 3.6
"nbi-nb-base-6.5.0.0.200811100614" = NetBeans IDE 6.5
"Notepad++" = Notepad++
"Picasa2" = Picasa 2
"SequoiaView" = SequoiaView
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Trillian" = Trillian
"TrueMoneyGames" = TrueMoneyGames 6.2
"TrueMoneyGames.de" = TrueMoneyGames.de 5.1
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"UUSEE(ÓÆÊÓÍøÂçµçÊÓ)" = UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5
"Wertpapier-Analyse" = Wertpapier-Analyse
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"xampp" = XAMPP 1.7.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.08.2010 11:14:18 | Computer Name = username-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.08.2010 13:59:07 | Computer Name = username-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3855, Zeitstempel
 0x4c48d5ce, fehlerhaftes Modul qscanff.dll, Version 0.9.9.23, Zeitstempel 0x4c03bacc,
 Ausnahmecode 0xc0000417, Fehleroffset 0x0005f9c7,  Prozess-ID 0x8b0, Anwendungsstartzeit
 01cb46c3f29c65ad.
 
Error - 28.08.2010 14:04:33 | Computer Name = username-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 200  Anfangszeit: 01cb46c38eff255d  Zeitpunkt
 der Beendigung: 0
 
Error - 28.08.2010 14:09:51 | Computer Name = username-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.08.2010 15:08:30 | Computer Name = username-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.08.2010 23:20:26 | Computer Name = username-PC | Source = Google Update | ID = 20
Description = 
 
Error - 29.08.2010 00:18:28 | Computer Name = username-PC | Source = Google Update | ID = 20
Description = 
 
Error - 29.08.2010 01:59:48 | Computer Name = username-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung apache.exe, Version 2.2.11.0, Zeitstempel 0x493f5d44,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821, Ausnahmecode
 0xc0000005, Fehleroffset 0x00067580,  Prozess-ID 0x81c, Anwendungsstartzeit 01cb46e448763fde.
 
Error - 29.08.2010 02:10:24 | Computer Name = username-PC | Source = Application Hang | ID = 1002
Description = Programm TFC.exe, Version 3.1.7.0 arbeitet nicht mehr mit Windows 
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1680  Anfangszeit: 01cb46e98ceedde0  Zeitpunkt der Beendigung:
 31
 
Error - 29.08.2010 02:13:22 | Computer Name = username-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 15.05.2010 11:20:44 | Computer Name = username-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 28.08.2010 15:08:31 | Computer Name = username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.08.2010 18:42:44 | Computer Name = username-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.08.2010 01:03:23 | Computer Name = username-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.42 für die Netzwerkkarte mit der Netzwerkadresse
 002163802F7C wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 29.08.2010 01:59:53 | Computer Name = username-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 29.08.2010 02:12:32 | Computer Name = username-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.08.2010 um 08:10:47 unerwartet heruntergefahren.
 
Error - 29.08.2010 02:13:24 | Computer Name = username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.08.2010 10:46:44 | Computer Name = username-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.08.2010 um 16:43:38 unerwartet heruntergefahren.
 
Error - 29.08.2010 10:47:41 | Computer Name = username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.08.2010 11:23:46 | Computer Name = username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.08.2010 13:33:43 | Computer Name = username-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---

Alt 29.08.2010, 21:14   #8
john.doe
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



Ask-Toolbar ist nicht deinstalliert. Java und Acrobat Reader ist noch immer veraltet. Du musst PSI schon benutzen, sonst wird das nichts.

Wie geht es dem Rechner, gibt es noch Auffälligkeiten oder Meldungen?

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 29.08.2010, 21:19   #9
Hape42
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



Maschine reagiert wieder normal. Dafür erst mal ein riesiges Dankeschön

Ich reagiere auch normal. Bin kein Profi wie ihr. Brauch da noch was Zeit
Werde jetzt fleissig deinstallieren und updaten. PSI läuft schon...

Alt 29.08.2010, 21:20   #10
john.doe
 
TR/Crypt.IR.45 - Standard

TR/Crypt.IR.45



Starte OTL => Bereinigen => Rechner startet neu.

Du bist entlassen.

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Antwort

Themen zu TR/Crypt.IR.45
antivir, antivir guard, dauernd, einiger, gestern, guard, hängt, load.exe, melde, meldet, neustart., nicht mehr, reaktion, schritte, sonstige, stunde, stunden, troja, trojaner



Ähnliche Themen: TR/Crypt.IR.45


  1. TR/Crypt.ZPACK.*, TR.Crypt.XPACK.*, nicht gefundene AdWare
    Log-Analyse und Auswertung - 12.11.2015 (10)
  2. avira findet : tr/crypt.zpack.36522 ,tr/crypt.xpack.gen ,adware/installcore.gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (4)
  3. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  4. Probleme mit .NET Framework, windows update und Systemwiederherstellung, Trojaner TR/Crypt.XPACK.Gen8, TR/Crypt.ULPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (11)
  5. TR/Crypt.EPACK.Gen8, TR/Crypt.XPACK.Gen, TR/Vcaredrix.A.3 und einige EXP/CVE-xx, EXP/2010-xx Viren.
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (7)
  6. TR/Crypt.XPACK.Gen8 - TR/Crypt.EPACK.Gen2 - TR/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (18)
  7. TR/Crypt.XPACK.Gen5, TR/Crypt.ZPACK.Gen2, TR/Fake.Rean.3394, TR/PSW.Fareit.A.64
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (30)
  8. TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam
    Log-Analyse und Auswertung - 19.10.2011 (8)
  9. Kurze Fragen zu TR/Crypt.XPACK.Gen + TR/Crypt.ZPACK.Gen + Avira Scan
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (3)
  10. W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 gefunden - wie entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  11. Massenweise Viren werden in Windows/Temp erstellt (Tr/Crypt.xpack.Gen3+TR/Crypt.Pepn.Gen und andere)
    Plagegeister aller Art und deren Bekämpfung - 08.10.2010 (6)
  12. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)
  13. Trojaner TR/Vundo.Gen TR/Crypt.XPACK.Gen TR/Crypt.Morphine.Gen
    Log-Analyse und Auswertung - 09.04.2010 (4)
  14. Massives Trojaner Problem TR/Crypt.XPACK.Gen TR/dropper.Gen TR/Crypt.ASPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 21.03.2010 (1)
  15. 3 Trojaner: TR/FraudPack.240128 TR/Crypt.XPACK.Gen TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 10.01.2010 (1)
  16. Heftiger Trojaner Befall Crypt.XPACK.Gen/Click.YABECTOR.B.1/ Crypt.PEPM.Gen
    Log-Analyse und Auswertung - 28.12.2009 (1)
  17. TR/Crypt.IL,TR/Crypt.FSPM.Gen,TR/Dldr.Agent.vxo,etc.;formatieren wird geblockt
    Plagegeister aller Art und deren Bekämpfung - 03.05.2009 (1)

Zum Thema TR/Crypt.IR.45 - Hallo, Seit gestern meldet der AntiVir Guard dauernd den Trojaner TR/Crypt.IR.45 im windows/temp verzeichnis Google findet dazu leider (noch) nichts nach load.exe habe ich erst mal TFC ausgeführt. Leider hängt - TR/Crypt.IR.45...
Archiv
Du betrachtest: TR/Crypt.IR.45 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.