Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Infizierung durch TR/Crypt.XPACK.Gen3

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.10.2010, 01:37   #1
jogproof
 
Infizierung durch TR/Crypt.XPACK.Gen3 - Standard

Infizierung durch TR/Crypt.XPACK.Gen3



Hallo

Leider ist mein PC ebenfalls mit dem Trojaner TR/Crypt.XPACK.Gen3 infiziert.
Unter folgendem Pfad gibt mir jeweils Antivir den Fund an:
'C:\WINDOWS\Temp\TMP2A0.tmp
Nach "TMP" varierts.

Gemäss eurem Forum habe ich folgende Schritte bereits ausgeführt:
via www.VirusTotal.com ergab sich folgende Resultat:

Zitat:
File name:
TMP2A0.tmp
Submission date:
2010-10-10 23:07:48 (UTC)
Current status:
queued queued analysing finished
Result:
1/ 43 (2.3%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.10.10.00 2010.10.09 -
AntiVir 7.10.12.168 2010.10.10 -
Antiy-AVL 2.0.3.7 2010.10.10 -
Authentium 5.2.0.5 2010.10.10 -
Avast 4.8.1351.0 2010.10.10 -
Avast5 5.0.594.0 2010.10.10 -
AVG 9.0.0.851 2010.10.10 -
BitDefender 7.2 2010.10.10 -
CAT-QuickHeal 11.00 2010.10.09 -
ClamAV 0.96.2.0-git 2010.10.11 -
Comodo 6345 2010.10.10 -
DrWeb 5.0.2.03300 2010.10.10 -
Emsisoft 5.0.0.50 2010.10.10 -
eSafe 7.0.17.0 2010.10.07 Win32.TrojanHorse
eTrust-Vet 36.1.7901 2010.10.08 -
F-Prot 4.6.2.117 2010.10.10 -
F-Secure 9.0.15370.0 2010.10.10 -
Fortinet 4.2.249.0 2010.10.10 -
GData 21 2010.10.10 -
Ikarus T3.1.1.90.0 2010.10.10 -
Jiangmin 13.0.900 2010.10.10 -
K7AntiVirus 9.65.2713 2010.10.09 -
Kaspersky 7.0.0.125 2010.10.10 -
McAfee 5.400.0.1158 2010.10.11 -
McAfee-GW-Edition 2010.1C 2010.10.10 -
Microsoft 1.6201 2010.10.10 -
NOD32 5518 2010.10.09 -
Norman 6.06.07 2010.10.10 -
nProtect 2010-10-10.01 2010.10.10 -
Panda 10.0.2.7 2010.10.10 -
PCTools 7.0.3.5 2010.10.11 -
Prevx 3.0 2010.10.11 -
Rising 22.68.05.00 2010.10.09 -
Sophos 4.58.0 2010.10.10 -
Sunbelt 7031 2010.10.10 -
SUPERAntiSpyware 4.40.0.1006 2010.10.10 -
Symantec 20101.2.0.161 2010.10.11 -
TheHacker 6.7.0.1.054 2010.10.10 -
TrendMicro 9.120.0.1004 2010.10.10 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.10 -
VBA32 3.12.14.1 2010.10.08 -
ViRobot 2010.9.25.4060 2010.10.10 -
VirusBuster 12.67.11.0 2010.10.10 -
Additional information
Show all
MD5 : 7843f0ff24ab293658b75a9458377d85
SHA1 : aa303fc85542ea7f5d5c4b40116b8df6aa98d686
SHA256: ad9e2dd0c7242d1da5bb302c763fc9a671de7964602b623c254c57d9f1603d31
ssdeep: 49152:HbzUlfsTmYgPbFHpOIQwEXFRCLaY8+0KegpOQRbxgo0cAIuMP2stvyhGh:HbzDmX3Opwa
qmAOcgo1TPN6hGh
File size : 3292885 bytes
First seen: 2010-10-10 23:07:48
Last seen : 2010-10-10 23:07:48
TrID:
DirectShow filter (47.3%)
Windows OCX File (28.9%)
InstallShield setup (10.1%)
Win32 Executable MS Visual C++ (generic) (8.8%)
Win32 Executable Generic (2.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): 7Z
Symantec reputation:Suspicious.Insight

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team
Bei Malwarebytes ist folgender Log:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4788

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.10.2010 21:28:02
mbam-log-2010-10-10 (21-28-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 289186
Laufzeit: 2 Stunde(n), 12 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Und hier noch der OTL Log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.10.2010 00:48:02 - Run 2
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1'023.00 Mb Total Physical Memory | 174.00 Mb Available Physical Memory | 17.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39.07 Gb Total Space | 2.82 Gb Free Space | 7.22% Space Free | Partition Type: NTFS
Drive D: | 193.75 Gb Total Space | 44.10 Gb Free Space | 22.76% Space Free | Partition Type: FAT32
 
Computer Name: DAVID | User Name: David Tschudin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - c:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Microsoft Office\Office\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Programme\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Programme\YooApplications\Sweepi\Sweepi.exe (YooApplications)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\D4\D4.exe (Thinking Man Software)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\Programme\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Programme\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Programme\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Programme\Iomega\DriveIcons\Imgicon.exe (Iomega)
PRC - C:\Programme\Microsoft Office\Office\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner\OTL.exe (OldTimer Tools)
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\Programme\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Programme\Iomega\DriveIcons\Imghook.dll (Iomega Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Iomega Activity Disk2) -- File not found
SRV - (GB-PVR Recording Service) -- C:\Programme\Devnz\GBPVR\GBPVRRecordingService.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirUpgradeService) -- File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Programme\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
SRV - (Iomega App Services) -- C:\Programme\Iomega\System32\AppServices.exe (Iomega Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\WINDOWS\system32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\WINDOWS\system32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\WINDOWS\system32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\WINDOWS\system32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\WINDOWS\system32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\WINDOWS\system32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (hcw88rc5) -- C:\WINDOWS\system32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV - (w800obex) -- C:\WINDOWS\system32\drivers\w800obex.sys (MCCI)
DRV - (w800mgmt) -- C:\WINDOWS\system32\drivers\w800mgmt.sys (MCCI)
DRV - (w800mdm) -- C:\WINDOWS\system32\drivers\w800mdm.sys (MCCI)
DRV - (w800mdfl) -- C:\WINDOWS\system32\drivers\w800mdfl.sys (MCCI)
DRV - (w800bus) Sony Ericsson W800 driver (WDM) -- C:\WINDOWS\system32\drivers\w800bus.sys (MCCI)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.uira.ch/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5
FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.5.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.14 21:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.09 01:18:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.09 02:05:36 | 000,000,000 | ---D | M]
 
[2009.02.13 01:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Extensions
[2009.02.13 01:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.10.10 13:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions
[2010.09.25 17:07:50 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.10.01 18:10:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.29 23:14:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.29 23:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2010.09.11 18:20:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.15 23:02:01 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.09 14:13:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.01 19:14:32 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.09.11 01:26:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.12.19 11:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\brief@mozdev.org
[2010.02.13 23:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2010.10.09 14:14:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\firefox@facebook.com
[2010.03.06 03:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2010.03.03 21:11:58 | 000,000,000 | ---D | M] (CS Lite) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010.03.03 21:11:59 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2010.03.03 21:12:00 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.03.03 21:11:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.03 21:11:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.03 21:12:00 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2010.10.10 13:00:21 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.11.05 02:26:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.22 23:02:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 19:39:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.06.04 00:13:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.11 22:18:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.11 22:18:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.11 22:18:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.11 22:18:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.11 22:18:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.05.05 00:28:08 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Programme\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [Dimension4] C:\Programme\D4\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [smartproc] C:\WINDOWS\System32\ktyhybch.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Scanner Finder.lnk = C:\Programme\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\David Tschudin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\David Tschudin\Startmenü\Programme\Autostart\GB-PVR Tray.lnk = C:\Programme\Devnz\GBPVR\GBPVRTray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157976344140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162940245546 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.12.130.66 193.246.253.10
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: UtilAdm - {2BC3C43D-A90E-88B3-EAA7-08BF1B01B0A7} - C:\Programme\tuyidgc\UtilAdm.dll File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.11 13:22:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell - "" = AutoRun
O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.11 00:07:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner
[2010.10.10 13:38:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Malwarebytes
[2010.10.10 13:37:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.10 13:37:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.10 13:37:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.10 13:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.09 03:17:51 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
[2010.10.09 03:12:22 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution
[2010.10.09 03:10:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RapidSolution
[2010.10.09 01:50:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\TuneUpMedia
[2010.10.09 01:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Broad Intelligence
[2010.10.09 01:48:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\OpenCandy
[2010.10.09 01:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\OpenCandy
[2010.10.09 01:18:36 | 000,000,000 | ---D | C] -- C:\Mozilla
[2010.10.04 19:09:29 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.09.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared
[2010.03.20 02:02:33 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe68.dll
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\bass.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.11 00:03:40 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.10.11 00:03:40 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.10.11 00:03:05 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.10.11 00:03:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.10 23:58:30 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.10 23:58:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.10 23:58:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.10 18:47:34 | 000,013,680 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.10 17:48:50 | 011,010,048 | -H-- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\NTUSER.DAT
[2010.10.10 17:48:50 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\ntuser.ini
[2010.10.10 16:45:19 | 007,560,332 | -H-- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.10.10 13:37:59 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.10 00:40:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.10 00:17:38 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1A5979DB-0F1E-477A-8FFA-C1E38DF649BB}.job
[2010.10.09 14:30:18 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.10.09 03:13:07 | 000,000,820 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunebite 7.lnk
[2010.10.09 02:05:37 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.09 00:35:07 | 000,001,868 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010.10.08 07:51:09 | 000,001,053 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.10.08 07:50:53 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\mscandc.ini
[2010.10.06 00:56:38 | 000,174,080 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 00:07:31 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\LimeWire 5.5.16.lnk
[2010.10.04 23:03:42 | 001,324,736 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.10.04 23:03:42 | 000,574,262 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.04 23:03:42 | 000,549,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.04 23:03:42 | 000,123,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.04 23:03:42 | 000,106,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.01 18:04:30 | 000,031,360 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.10.01 17:38:56 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.27 20:17:03 | 000,144,972 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\image_4.jpg
[2010.09.27 20:07:58 | 000,001,496 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2010.09.17 23:01:00 | 000,001,889 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.09.16 22:53:05 | 004,430,507 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\e-water flash-texte.pdf
[2010.09.15 20:24:17 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Poststelle Ahornstrasse Öffnungszeiten.doc
[2010.09.14 22:37:02 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\ScanWizard 5.lnk
[2010.09.14 22:03:26 | 000,000,035 | ---- | M] () -- C:\WINDOWS\Ulead32.INI
[2010.09.14 22:03:20 | 000,004,560 | ---- | M] () -- C:\WINDOWS\SM_25_W150.id14
[2010.09.14 22:03:20 | 000,004,560 | ---- | M] () -- C:\WINDOWS\SM_25_D150.id14
[2010.09.14 22:02:53 | 000,003,822 | ---- | M] () -- C:\WINDOWS\SM_25_W75.id14
[2010.09.14 22:02:53 | 000,003,822 | ---- | M] () -- C:\WINDOWS\SM_25_D75.id14
[2010.09.14 21:14:18 | 000,000,821 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer SP.lnk
[2010.09.14 21:13:46 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.09.14 21:12:58 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.09.14 21:12:58 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.09.14 21:11:28 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.09.14 21:11:28 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.09.14 21:11:28 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.10 13:37:59 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 03:13:07 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunebite 7.lnk
[2010.10.09 02:05:36 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.05 00:07:31 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\LimeWire 5.5.16.lnk
[2010.10.04 19:22:19 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.09.27 20:17:02 | 000,144,972 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\image_4.jpg
[2010.09.17 23:01:00 | 000,001,889 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.09.16 22:53:05 | 004,430,507 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\e-water flash-texte.pdf
[2010.09.15 20:24:17 | 000,023,040 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Poststelle Ahornstrasse Öffnungszeiten.doc
[2010.09.14 22:37:02 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\ScanWizard 5.lnk
[2010.09.14 21:14:18 | 000,000,821 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer SP.lnk
[2010.09.14 21:14:17 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.09.14 21:14:15 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.08.21 19:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2010.02.15 22:23:31 | 000,001,496 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2010.01.12 06:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.01.02 01:31:21 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.19 12:13:03 | 000,000,013 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\60VC14D0-20C5-16GR-07MM-Q168H3F6T000.ini
[2009.07.08 20:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009.06.26 07:52:06 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.06.26 07:52:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.06.26 07:52:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.06.26 07:52:00 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.26 07:52:00 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.26 07:51:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.04.11 11:43:27 | 000,001,836 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008.12.29 01:00:11 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2008.12.29 00:55:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini
[2008.12.29 00:48:13 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2008.12.29 00:48:08 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2008.12.29 00:48:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.08.15 21:21:41 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.08.01 18:17:42 | 000,000,013 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\602014D0-F6C5-16B7-54DD-7568A2F6B000.ini
[2007.12.11 22:34:01 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2007.10.20 18:33:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SecurityandPrivacy3.ini
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll
[2007.07.27 22:19:15 | 000,001,868 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.07.11 23:55:40 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007.06.09 03:15:33 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C9B086CE-4A3B-11DB-8373-B622A1EF5492
[2007.06.09 02:24:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.06.02 00:53:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\pctcp.ini
[2007.06.02 00:19:47 | 000,001,269 | ---- | C] () -- C:\WINDOWS\HPDWNLD.INI
[2007.05.03 19:51:33 | 000,000,099 | ---- | C] () -- C:\WINDOWS\CCWINPAY.INI
[2007.05.03 19:51:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CChannel.ini
[2007.04.22 23:20:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007.03.05 13:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.01.25 20:31:59 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006.11.13 01:40:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.11.08 22:08:02 | 000,000,532 | ---- | C] () -- C:\WINDOWS\PEBE.INI
[2006.11.08 00:39:00 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2006.11.05 18:10:52 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Lunarmedia Clock B..ini
[2006.11.05 02:37:38 | 000,174,080 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.05 01:17:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.05 00:50:37 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2006.11.05 00:50:37 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2006.11.05 00:50:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006.11.05 00:50:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2006.11.05 00:50:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006.11.05 00:50:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2006.11.05 00:50:36 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2006.11.05 00:50:36 | 000,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI
[2006.11.05 00:50:36 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006.11.05 00:50:35 | 000,000,453 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006.11.05 00:50:35 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006.11.05 00:50:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
[2006.11.05 00:43:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2006.11.04 23:19:37 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\ogg.dll
[2006.09.12 13:10:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.12 12:57:20 | 000,002,121 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2006.09.12 12:57:17 | 000,029,903 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006.09.12 12:57:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2006.09.11 13:57:39 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll
[2004.05.04 08:29:54 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL
[2002.09.23 12:11:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2001.07.31 03:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 176 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
 
< End of report >
         
--- --- ---


Und OTL Extra Log:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.10.2010 00:48:02 - Run 2
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1'023.00 Mb Total Physical Memory | 174.00 Mb Available Physical Memory | 17.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39.07 Gb Total Space | 2.82 Gb Free Space | 7.22% Space Free | Partition Type: NTFS
Drive D: | 193.75 Gb Total Space | 44.10 Gb Free Space | 22.76% Space Free | Partition Type: FAT32
 
Computer Name: DAVID | User Name: David Tschudin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"25141:TCP" = 25141:TCP:*:Enabled:BitComet 25141 TCP
"25141:UDP" = 25141:UDP:*:Enabled:BitComet 25141 UDP
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Programme\ftp-uploader\FTPUploader.exe" = C:\Programme\ftp-uploader\FTPUploader.exe:*:Enabled:ftpuploader.de -- (sysb)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\Programme\uTorrent\utorrent.exe" = C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe" = C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- File not found
"C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0 -- (Sony Creative Software Inc.)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programme\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Programme\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- File not found
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04584A06-E3DA-4A8F-A1A9-E91EFF5B6829}" = GB-PVR
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B562FD-E90D-4DC8-89E8-75C706D06E2B}" = Sony Media Manager 2.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = Microtek FineReader OCR Engine
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{408FA92C-0766-48A1-8055-D6DFD27B7C2B}" = C-CHANNEL OnlineUpdate
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0
"{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}" = Disc2Phone
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C499C8-AB66-11D5-BFC3-0050DADD1B5E}" = C-CHANNEL e-banking (PAYMAKER / NetBanking)
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D59AB1B-B564-44AC-B57F-701A090A7380}" = ASUS nVidia Driver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{935FF092-EEBA-4E97-8C1B-CD2364F392A4}" = Dimension 4 v5.0
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A250A639-C739-4B6E-99CD-C11F589A8369}" = Documents Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6871F03-E140-4559-8940-AD1CC3D58CEE}" = Sony Ericsson PC Suite
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE085E37-93BB-4CB5-BA98-9777A393EDCE}" = Tunebite
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC888258-F37C-11D2-9594-00A0C9CD527E}" = Fotoalbum-Add-In
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Premium
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"4528-3220-6381-2600" = BalTax 2009 5.0.1
"7-Zip" = 7-Zip 4.57
"Active Disk" = Active Disk
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Astalavista_is1" = Astalavista
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BalTax 2008 4.0.2" = BalTax 2008 4.0.2
"Banana50_is1" = Banana Buchhaltung 5.0
"Banana60_is1" = Banana Buchhaltung 6.0
"Brother HL-5140" = Brother HL-5140
"Browser Defender_is1" = Browser Defender 2.0.6.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E-Finance Java Edition" = E-Finance Java Edition
"eSalaryReport" = eSalaryReport
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FreePDF_XP" = FreePDF XP (Remove only)
"ftp-uploader" = ftp-uploader
"GMX MultiMessenger" = GMX MultiMessenger
"Google Updater" = Google Updater
"GPL Ghostscript 8.15" = GPL Ghostscript 8.15
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IomegaWare" = IomegaWare 4.0.2
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LimeWire" = LimeWire 5.5.16
"Lunarmedia Clock B." = Lunarmedia Clock B.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCFriendly" = PCFriendly
"RAR Password Cracker" = RAR Password Cracker 4.12
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Screensaver SBB" = Screensaver SBB
"Snapform Viewer 1.6.02" = Snapform Viewer 1.6.02
"SofTax GR 2006NP 2007JP" = SofTax GR 2006NP 2007JP
"SofTax GR 2007NP 2008JP" = SofTax GR 2007NP 2008JP
"SofTax GR 2009 JP" = SofTax GR 2009 JP
"Spyware Doctor" = Spyware Doctor 7.0
"Sweepi_is1" = Sweepi 5.4.00
"Sybase SQL Anywhere 5.0" = Sybase SQL Anywhere 5.0
"SystemRequirementsLab" = System Requirements Lab
"Update Service" = Update Service
"VLC media player" = VLC media player 1.1.4
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 2.1.2.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.10.2010 23:03:06 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
Error - 08.10.2010 00:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
Error - 08.10.2010 01:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
Error - 08.10.2010 02:03:07 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
Error - 08.10.2010 19:50:19 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 08.10.2010 20:01:23 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 512: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 08.10.2010 20:01:35 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 08.10.2010 20:08:44 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 08.10.2010 21:48:32 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
Error - 09.10.2010 08:36:41 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
 
[ System Events ]
Error - 10.10.2010 10:42:41 | Computer Name = DAVID | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ppa
 
Error - 10.10.2010 10:46:27 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
 
Error - 10.10.2010 10:46:27 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
 
Error - 10.10.2010 11:50:48 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
 
Error - 10.10.2010 11:50:48 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
 
Error - 10.10.2010 12:46:00 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
 
Error - 10.10.2010 12:46:00 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
 
Error - 10.10.2010 17:59:17 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
 
Error - 10.10.2010 17:59:17 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
 
Error - 10.10.2010 18:01:25 | Computer Name = DAVID | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst nvsvc.
 
 
< End of report >
         
--- --- ---


Vielen Dank für die weitere Hilfe.
Angehängte Dateien
Dateityp: txt Extras.Txt (50,2 KB, 207x aufgerufen)
Dateityp: txt mbam-log-2010-10-10 (21-28-02).txt (1,1 KB, 157x aufgerufen)

Alt 11.10.2010, 12:41   #2
markusg
/// Malware-holic
 
Infizierung durch TR/Crypt.XPACK.Gen3 - Standard

Infizierung durch TR/Crypt.XPACK.Gen3



das sind fehlalarme, rechtsklick avira schirm, guard deaktivieren.
dann avira öffnen, verwaltung, quarantäne, suche diese tmp dateien raus, wiederherstellen in, desktop.
Submit your sample
die dateien dort mit verdacht auf fehlalarm hochladen. poste die ergebnisse.
dateien löschen, papierkorb leeren, guard einschalten
__________________


Alt 12.10.2010, 00:24   #3
jogproof
 
Infizierung durch TR/Crypt.XPACK.Gen3 - Standard

Infizierung durch TR/Crypt.XPACK.Gen3



Vielen Dank für die rasche Antwort.
__________________

Alt 12.10.2010, 07:34   #4
jogproof
 
Infizierung durch TR/Crypt.XPACK.Gen3 - Standard

Infizierung durch TR/Crypt.XPACK.Gen3



Ich bins nochmal.

Habe Malewarebytes ein weiteres mal laufen lassen und folgendes Resultat bekommen:

Zitat:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4796

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12.10.2010 07:09:22
mbam-log-2010-10-12 (07-09-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 291235
Laufzeit: 1 Stunde(n), 53 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\Temp\TMP95C.tmp (Trojan.Downloader) -> Delete on reboot.
Hier die beiden OTL Logs:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.10.2010 07:10:29 - Run 3
OTL by OldTimer - Version 3.2.15.0     Folder = C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1'023.00 Mb Total Physical Memory | 426.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39.07 Gb Total Space | 2.71 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
Drive D: | 193.75 Gb Total Space | 44.10 Gb Free Space | 22.76% Space Free | Partition Type: FAT32
 
Computer Name: DAVID | User Name: David Tschudin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Programme\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\D4\D4.exe (Thinking Man Software)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\Programme\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Programme\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Programme\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Programme\Iomega\DriveIcons\Imgicon.exe (Iomega)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner\OTL.exe (OldTimer Tools)
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Programme\Iomega\DriveIcons\Imghook.dll (Iomega Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Iomega Activity Disk2) --  File not found
SRV - (GB-PVR Recording Service) -- C:\Programme\Devnz\GBPVR\GBPVRRecordingService.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirUpgradeService) --  File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Programme\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
SRV - (Iomega App Services) -- C:\Programme\Iomega\System32\AppServices.exe (Iomega Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\WINDOWS\system32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\WINDOWS\system32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\WINDOWS\system32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\WINDOWS\system32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\WINDOWS\system32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\WINDOWS\system32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (hcw88rc5) -- C:\WINDOWS\system32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV - (w800obex) -- C:\WINDOWS\system32\drivers\w800obex.sys (MCCI)
DRV - (w800mgmt) -- C:\WINDOWS\system32\drivers\w800mgmt.sys (MCCI)
DRV - (w800mdm) -- C:\WINDOWS\system32\drivers\w800mdm.sys (MCCI)
DRV - (w800mdfl) -- C:\WINDOWS\system32\drivers\w800mdfl.sys (MCCI)
DRV - (w800bus) Sony Ericsson W800 driver (WDM) -- C:\WINDOWS\system32\drivers\w800bus.sys (MCCI)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.uira.ch/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5
FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.5.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.14 21:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.09 01:18:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.09 02:05:36 | 000,000,000 | ---D | M]
 
[2009.02.13 01:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Extensions
[2009.02.13 01:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.10.11 20:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions
[2010.09.25 17:07:50 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.10.01 18:10:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.29 23:14:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.29 23:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2010.09.11 18:20:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.15 23:02:01 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.09 14:13:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.01 19:14:32 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.09.11 01:26:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.12.19 11:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\brief@mozdev.org
[2010.02.13 23:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2010.10.09 14:14:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\firefox@facebook.com
[2010.03.06 03:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2010.03.03 21:11:58 | 000,000,000 | ---D | M] (CS Lite) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010.03.03 21:11:59 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2010.03.03 21:12:00 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.03.03 21:11:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.03 21:11:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.03 21:12:00 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2010.10.11 20:48:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.11.05 02:26:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.22 23:02:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 19:39:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.06.04 00:13:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.11 22:18:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.11 22:18:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.11 22:18:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.11 22:18:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.11 22:18:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.05.05 00:28:08 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Programme\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [Dimension4] C:\Programme\D4\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Power2GoExpress]  File not found
O4 - HKCU..\Run: [smartproc] C:\WINDOWS\System32\ktyhybch.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Scanner Finder.lnk = C:\Programme\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\David Tschudin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\David Tschudin\Startmenü\Programme\Autostart\GB-PVR Tray.lnk = C:\Programme\Devnz\GBPVR\GBPVRTray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157976344140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162940245546 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: UtilAdm - {2BC3C43D-A90E-88B3-EAA7-08BF1B01B0A7} - C:\Programme\tuyidgc\UtilAdm.dll File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.11 13:22:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell - "" = AutoRun
O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.11 00:07:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner
[2010.10.10 13:38:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Malwarebytes
[2010.10.10 13:37:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.10 13:37:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.10 13:37:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.10 13:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.09 03:17:51 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
[2010.10.09 03:12:22 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution
[2010.10.09 03:10:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RapidSolution
[2010.10.09 01:50:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\TuneUpMedia
[2010.10.09 01:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Broad Intelligence
[2010.10.09 01:48:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\OpenCandy
[2010.10.09 01:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\OpenCandy
[2010.10.09 01:18:36 | 000,000,000 | ---D | C] -- C:\Mozilla
[2010.10.04 19:09:29 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.09.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared
[2010.03.20 02:02:33 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe68.dll
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\bass.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.12 07:09:45 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\sakjurr.sys
[2010.10.12 07:03:05 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.12 06:04:11 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1A5979DB-0F1E-477A-8FFA-C1E38DF649BB}.job
[2010.10.12 01:15:44 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.10.12 00:24:55 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.10.12 00:24:54 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.10.11 23:03:01 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.11 20:38:51 | 000,013,680 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.11 20:36:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.11 20:36:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.11 12:41:44 | 011,010,048 | -H-- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\NTUSER.DAT
[2010.10.11 12:12:55 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.10.11 10:13:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.11 10:02:59 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\ntuser.ini
[2010.10.11 10:02:42 | 009,152,044 | -H-- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.10.11 07:43:08 | 000,031,360 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.10.11 07:40:06 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.10 13:37:59 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 14:30:18 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.10.09 03:13:07 | 000,000,820 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunebite 7.lnk
[2010.10.09 02:05:37 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.09 00:35:07 | 000,001,868 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010.10.08 07:51:09 | 000,001,053 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.10.08 07:50:53 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\mscandc.ini
[2010.10.06 00:56:38 | 000,174,080 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 00:07:31 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\LimeWire 5.5.16.lnk
[2010.10.04 23:03:42 | 001,324,736 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.10.04 23:03:42 | 000,574,262 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.04 23:03:42 | 000,549,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.04 23:03:42 | 000,123,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.04 23:03:42 | 000,106,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.27 20:07:58 | 000,001,496 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2010.09.17 23:01:00 | 000,001,889 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.09.16 22:53:05 | 004,430,507 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\e-water flash-texte.pdf
[2010.09.15 20:24:17 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Poststelle Ahornstrasse Öffnungszeiten.doc
[2010.09.14 22:37:02 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\ScanWizard 5.lnk
[2010.09.14 22:03:26 | 000,000,035 | ---- | M] () -- C:\WINDOWS\Ulead32.INI
[2010.09.14 22:03:20 | 000,004,560 | ---- | M] () -- C:\WINDOWS\SM_25_W150.id14
[2010.09.14 22:03:20 | 000,004,560 | ---- | M] () -- C:\WINDOWS\SM_25_D150.id14
[2010.09.14 22:02:53 | 000,003,822 | ---- | M] () -- C:\WINDOWS\SM_25_W75.id14
[2010.09.14 22:02:53 | 000,003,822 | ---- | M] () -- C:\WINDOWS\SM_25_D75.id14
[2010.09.14 21:14:18 | 000,000,821 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer SP.lnk
[2010.09.14 21:13:46 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.09.14 21:12:58 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.09.14 21:12:58 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.09.14 21:11:28 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.09.14 21:11:28 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.09.14 21:11:28 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.12 07:09:45 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\sakjurr.sys
[2010.10.10 13:37:59 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 03:13:07 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunebite 7.lnk
[2010.10.09 02:05:36 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.05 00:07:31 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\LimeWire 5.5.16.lnk
[2010.10.04 19:22:19 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.09.17 23:01:00 | 000,001,889 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.09.16 22:53:05 | 004,430,507 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\e-water flash-texte.pdf
[2010.09.15 20:24:17 | 000,023,040 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Poststelle Ahornstrasse Öffnungszeiten.doc
[2010.09.14 22:37:02 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\ScanWizard 5.lnk
[2010.09.14 21:14:18 | 000,000,821 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer SP.lnk
[2010.09.14 21:14:17 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.09.14 21:14:15 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.08.21 19:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2010.02.15 22:23:31 | 000,001,496 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2010.01.12 06:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.01.02 01:31:21 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.19 12:13:03 | 000,000,013 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\60VC14D0-20C5-16GR-07MM-Q168H3F6T000.ini
[2009.07.08 20:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009.06.26 07:52:06 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.06.26 07:52:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.06.26 07:52:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.06.26 07:52:00 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.26 07:52:00 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.26 07:51:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.04.11 11:43:27 | 000,001,836 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008.12.29 01:00:11 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2008.12.29 00:55:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini
[2008.12.29 00:48:13 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2008.12.29 00:48:08 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2008.12.29 00:48:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.08.15 21:21:41 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.08.01 18:17:42 | 000,000,013 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\602014D0-F6C5-16B7-54DD-7568A2F6B000.ini
[2007.12.11 22:34:01 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2007.10.20 18:33:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SecurityandPrivacy3.ini
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll
[2007.07.27 22:19:15 | 000,001,868 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.07.11 23:55:40 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007.06.09 03:15:33 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C9B086CE-4A3B-11DB-8373-B622A1EF5492
[2007.06.09 02:24:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.06.02 00:53:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\pctcp.ini
[2007.06.02 00:19:47 | 000,001,269 | ---- | C] () -- C:\WINDOWS\HPDWNLD.INI
[2007.05.03 19:51:33 | 000,000,099 | ---- | C] () -- C:\WINDOWS\CCWINPAY.INI
[2007.05.03 19:51:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CChannel.ini
[2007.04.22 23:20:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007.03.05 13:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.01.25 20:31:59 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006.11.13 01:40:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.11.08 22:08:02 | 000,000,532 | ---- | C] () -- C:\WINDOWS\PEBE.INI
[2006.11.08 00:39:00 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2006.11.05 18:10:52 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Lunarmedia Clock B..ini
[2006.11.05 02:37:38 | 000,174,080 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.05 01:17:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.05 00:50:37 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2006.11.05 00:50:37 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2006.11.05 00:50:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006.11.05 00:50:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2006.11.05 00:50:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006.11.05 00:50:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2006.11.05 00:50:36 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2006.11.05 00:50:36 | 000,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI
[2006.11.05 00:50:36 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006.11.05 00:50:35 | 000,000,453 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006.11.05 00:50:35 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006.11.05 00:50:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
[2006.11.05 00:43:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2006.11.04 23:19:37 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\ogg.dll
[2006.09.12 13:10:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.12 12:57:20 | 000,002,121 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2006.09.12 12:57:17 | 000,029,903 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006.09.12 12:57:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2006.09.11 13:57:39 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll
[2004.05.04 08:29:54 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL
[2002.09.23 12:11:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2001.07.31 03:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 176 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8

< End of report >
         
--- --- ---


OTL Extra:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.10.2010 07:10:29 - Run 3
OTL by OldTimer - Version 3.2.15.0     Folder = C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1'023.00 Mb Total Physical Memory | 426.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39.07 Gb Total Space | 2.71 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
Drive D: | 193.75 Gb Total Space | 44.10 Gb Free Space | 22.76% Space Free | Partition Type: FAT32
 
Computer Name: DAVID | User Name: David Tschudin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"25141:TCP" = 25141:TCP:*:Enabled:BitComet 25141 TCP
"25141:UDP" = 25141:UDP:*:Enabled:BitComet 25141 UDP
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Programme\ftp-uploader\FTPUploader.exe" = C:\Programme\ftp-uploader\FTPUploader.exe:*:Enabled:ftpuploader.de -- (sysb)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\Programme\uTorrent\utorrent.exe" = C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe" = C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath  -- File not found
"C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0 -- (Sony Creative Software Inc.)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programme\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Programme\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- File not found
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04584A06-E3DA-4A8F-A1A9-E91EFF5B6829}" = GB-PVR
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B562FD-E90D-4DC8-89E8-75C706D06E2B}" = Sony Media Manager 2.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = Microtek FineReader OCR Engine
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{408FA92C-0766-48A1-8055-D6DFD27B7C2B}" = C-CHANNEL OnlineUpdate
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0
"{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}" = Disc2Phone
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C499C8-AB66-11D5-BFC3-0050DADD1B5E}" = C-CHANNEL e-banking (PAYMAKER / NetBanking)
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D59AB1B-B564-44AC-B57F-701A090A7380}" = ASUS nVidia Driver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{935FF092-EEBA-4E97-8C1B-CD2364F392A4}" = Dimension 4 v5.0
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A250A639-C739-4B6E-99CD-C11F589A8369}" = Documents Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6871F03-E140-4559-8940-AD1CC3D58CEE}" = Sony Ericsson PC Suite
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE085E37-93BB-4CB5-BA98-9777A393EDCE}" = Tunebite
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC888258-F37C-11D2-9594-00A0C9CD527E}" = Fotoalbum-Add-In
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Premium
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"4528-3220-6381-2600" = BalTax 2009 5.0.1
"7-Zip" = 7-Zip 4.57
"Active Disk" = Active Disk
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Astalavista_is1" = Astalavista
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BalTax 2008 4.0.2" = BalTax 2008 4.0.2
"Banana50_is1" = Banana Buchhaltung 5.0
"Banana60_is1" = Banana Buchhaltung 6.0
"Brother HL-5140" = Brother HL-5140
"Browser Defender_is1" = Browser Defender 2.0.6.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E-Finance Java Edition" = E-Finance Java Edition
"eSalaryReport" = eSalaryReport
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FreePDF_XP" = FreePDF XP (Remove only)
"ftp-uploader" = ftp-uploader
"GMX MultiMessenger" = GMX MultiMessenger
"Google Updater" = Google Updater
"GPL Ghostscript 8.15" = GPL Ghostscript 8.15
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IomegaWare" = IomegaWare 4.0.2
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LimeWire" = LimeWire 5.5.16
"Lunarmedia Clock B." = Lunarmedia Clock B.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCFriendly" = PCFriendly
"RAR Password Cracker" = RAR Password Cracker 4.12
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Screensaver SBB" = Screensaver SBB
"Snapform Viewer 1.6.02" = Snapform Viewer 1.6.02
"SofTax GR 2006NP 2007JP" = SofTax GR 2006NP 2007JP
"SofTax GR 2007NP 2008JP" = SofTax GR 2007NP 2008JP
"SofTax GR 2009 JP" = SofTax GR 2009 JP
"Spyware Doctor" = Spyware Doctor 7.0
"Sweepi_is1" = Sweepi 5.4.00
"Sybase SQL Anywhere 5.0" = Sybase SQL Anywhere 5.0
"SystemRequirementsLab" = System Requirements Lab
"Update Service" = Update Service
"VLC media player" = VLC media player 1.1.4
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 2.1.2.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.10.2010 20:01:35 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 08.10.2010 20:08:44 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 08.10.2010 21:48:32 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 09.10.2010 08:36:41 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 11.10.2010 20:03:08 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
Error - 11.10.2010 21:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
Error - 11.10.2010 22:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
Error - 11.10.2010 23:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
Error - 12.10.2010 00:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
Error - 12.10.2010 01:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 11.10.2010 01:40:25 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 11.10.2010 01:40:25 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 11.10.2010 04:04:13 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 11.10.2010 04:04:13 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 11.10.2010 04:13:38 | Computer Name = DAVID | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1068" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 11.10.2010 04:13:38 | Computer Name = DAVID | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 11.10.2010 06:41:09 | Computer Name = DAVID | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira
 AntiVir Guard.
 
Error - 11.10.2010 06:41:09 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 11.10.2010 14:36:52 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
Error - 11.10.2010 14:36:52 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%3
 
 
< End of report >
         
--- --- ---


Avira AntiVir meldet unter Ereignisse folgendes:
Zitat:
In der Datei 'C:\System Volume Information\_restore{501B0B1F-681F-4EC7-A8C2-3BC3CF395666}\RP513\A0134569.DLL'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Und:
Zitat:
In der Datei 'C:\WINDOWS\Temp\DVADBH'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Ich habe den Temp Ordner gelöscht mit dem Bereinigungs-Assistent von Sweepi 5.4 (YooApplications, you say what you want!).

AntiVir hat mit dann über 160 Viren C:\Windows\Temp\TMP.. (Crypt.XPACK.Gen3) im Temp-Ordner gemeldet.
Sind das über 160 Fehlermeldungen die ich AntiVir melden muss.

Antwort

Themen zu Infizierung durch TR/Crypt.XPACK.Gen3
0x00000001, 32 bit, 7-zip, adblock, alternate, antivir, avgntflt.sys, avira, bho, bonjour, brief, browser guard, cdburnerxp, components, cracker, desktop, dropbox, e-banking, error, firefox, firefox.exe, flash player, google, hdaudio.sys, home, installation, jondofox, jusched.exe, limewire, location, logfile, mozilla, msvcr80.dll, msvcrt, object, oldtimer, otl log, otl.exe, realtek, registry, rundll, saver, scan, searchplugins, server, shell32.dll, shortcut, skype.exe, software, system restore, tr/crypt.xpack.ge, tr/crypt.xpack.gen, trojaner, trojaner tr/crypt.xpack.gen, version., vlc media player, windows, windows internet



Ähnliche Themen: Infizierung durch TR/Crypt.XPACK.Gen3


  1. TR/Crypt.XPACK.Gen3 Trojaner und HTML/ExpKit.Gen3
    Log-Analyse und Auswertung - 14.06.2014 (13)
  2. Trojaner TR/crypt-xpack.gen3 Auswertung Logfiles nach Bearbeitung durch Malwarebytes
    Log-Analyse und Auswertung - 31.03.2012 (10)
  3. TR/Crypt.XPACK.Gen, TR/Sirefef.BV.2, TR/Crypt.XPACK.Gen3, TR/PSW.Karagany.A.73
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (2)
  4. Bluescreen nach Crypt.XPACK.Gen3 -Fund durch Avira
    Plagegeister aller Art und deren Bekämpfung - 10.05.2011 (6)
  5. crypt.xpack.gen3 und mehr Fund durch AntiVir
    Plagegeister aller Art und deren Bekämpfung - 25.02.2011 (6)
  6. crypt.xpack.gen3 Fund durch AntiVir
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (9)
  7. W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 gefunden - wie entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  8. Infizierung mit "TR/Crypt.XPACK.Gen3" in C:/Windows/Temp/...
    Plagegeister aller Art und deren Bekämpfung - 23.10.2010 (4)
  9. infizierung: TR/Crypt.XPACK.Gen3" in C:/Windows/Temp/...
    Mülltonne - 18.10.2010 (1)
  10. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
  11. TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 14.10.2010 (11)
  12. Infizierung mit TR/ATRAPS.Gen und TR/Crypt.XPACK.Gen3
    Log-Analyse und Auswertung - 12.10.2010 (26)
  13. TR/Crypt.XPACK.Gen3, TR/Crypt.XPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 11.10.2010 (4)
  14. Infizierung durch TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 09.10.2010 (4)
  15. Massenweise Viren werden in Windows/Temp erstellt (Tr/Crypt.xpack.Gen3+TR/Crypt.Pepn.Gen und andere)
    Plagegeister aller Art und deren Bekämpfung - 08.10.2010 (6)
  16. TR/Crypt.XPACK.Gen3 gelöscht durch Avira, taucht als "ark423.tmp" wieder auf
    Plagegeister aller Art und deren Bekämpfung - 26.09.2010 (7)
  17. Befall mit TR/Crypt.XPACK.Gen und TR/Crypt.XPACK.Gen3
    Plagegeister aller Art und deren Bekämpfung - 21.09.2010 (23)

Zum Thema Infizierung durch TR/Crypt.XPACK.Gen3 - Hallo Leider ist mein PC ebenfalls mit dem Trojaner TR/Crypt.XPACK.Gen3 infiziert. Unter folgendem Pfad gibt mir jeweils Antivir den Fund an: 'C:\WINDOWS\Temp\TMP2A0.tmp Nach "TMP" varierts. Gemäss eurem Forum habe ich - Infizierung durch TR/Crypt.XPACK.Gen3...
Archiv
Du betrachtest: Infizierung durch TR/Crypt.XPACK.Gen3 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.