jogproof | 12.10.2010 06:34 | It's me again.
I ran Malwarebytes once more and got the following result:
Quote:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Datenbank Version: 4796
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12.10.2010 07:09:22
mbam-log-2010-10-12 (07-09-22).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 291235
Laufzeit: 1 Stunde(n), 53 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\Temp\TMP95C.tmp (Trojan.Downloader) -> Delete on reboot.
Here are the two OTL logs:
OTL Logfile: Code:
OTL logfile created on: 12.10.2010 07:10:29 - Run 3
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
1'023.00 Mb Total Physical Memory | 426.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39.07 Gb Total Space | 2.71 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
Drive D: | 193.75 Gb Total Space | 44.10 Gb Free Space | 22.76% Space Free | Partition Type: FAT32
Computer Name: DAVID | User Name: David Tschudin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Programme\ScanWizard 5\ScannerFinder.exe ()
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\D4\D4.exe (Thinking Man Software)
PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\Programme\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Programme\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Programme\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - C:\Programme\Iomega\DriveIcons\Imgicon.exe (Iomega)
PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner\OTL.exe (OldTimer Tools)
MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll ()
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Programme\Iomega\DriveIcons\Imghook.dll (Iomega Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Iomega Activity Disk2) -- File not found
SRV - (GB-PVR Recording Service) -- C:\Programme\Devnz\GBPVR\GBPVRRecordingService.exe File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirUpgradeService) -- File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Programme\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
SRV - (Iomega App Services) -- C:\Programme\Iomega\System32\AppServices.exe (Iomega Corporation)
========== Driver Services (SafeList) ==========
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\WINDOWS\system32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\WINDOWS\system32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\WINDOWS\system32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\WINDOWS\system32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\WINDOWS\system32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\WINDOWS\system32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (hcw88rc5) -- C:\WINDOWS\system32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV - (w800obex) -- C:\WINDOWS\system32\drivers\w800obex.sys (MCCI)
DRV - (w800mgmt) -- C:\WINDOWS\system32\drivers\w800mgmt.sys (MCCI)
DRV - (w800mdm) -- C:\WINDOWS\system32\drivers\w800mdm.sys (MCCI)
DRV - (w800mdfl) -- C:\WINDOWS\system32\drivers\w800mdfl.sys (MCCI)
DRV - (w800bus) Sony Ericsson W800 driver (WDM) -- C:\WINDOWS\system32\drivers\w800bus.sys (MCCI)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.uira.ch/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5
FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.5.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.14 21:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.09 01:18:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.09 02:05:36 | 000,000,000 | ---D | M]
[2009.02.13 01:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Extensions
[2009.02.13 01:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.10.11 20:48:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions
[2010.09.25 17:07:50 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.10.01 18:10:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.04.29 23:14:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.29 23:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2010.09.11 18:20:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.10.15 23:02:01 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.10.09 14:13:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.01 19:14:32 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.09.11 01:26:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.12.19 11:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\brief@mozdev.org
[2010.02.13 23:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\de-CH@dictionaries.addons.mozilla.org
[2010.10.09 14:14:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\firefox@facebook.com
[2010.03.06 03:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions
[2010.03.03 21:11:58 | 000,000,000 | ---D | M] (CS Lite) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2010.03.03 21:11:59 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2010.03.03 21:12:00 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.03.03 21:11:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.03 21:11:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.03 21:12:00 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2010.10.11 20:48:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.11.05 02:26:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.22 23:02:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.08 19:39:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.06.04 00:13:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.11 22:18:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.11 22:18:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.11 22:18:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.11 22:18:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.11 22:18:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2007.05.05 00:28:08 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Programme\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [Dimension4] C:\Programme\D4\D4.exe (Thinking Man Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [smartproc] C:\WINDOWS\System32\ktyhybch.exe File not found
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Scanner Finder.lnk = C:\Programme\ScanWizard 5\ScannerFinder.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\David Tschudin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\David Tschudin\Startmenü\Programme\Autostart\GB-PVR Tray.lnk = C:\Programme\Devnz\GBPVR\GBPVRTray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157976344140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162940245546 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: UtilAdm - {2BC3C43D-A90E-88B3-EAA7-08BF1B01B0A7} - C:\Programme\tuyidgc\UtilAdm.dll File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.11 13:22:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell - "" = AutoRun
O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.10.11 00:07:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner
[2010.10.10 13:38:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Malwarebytes
[2010.10.10 13:37:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.10 13:37:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.10 13:37:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.10 13:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.09 03:17:51 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
[2010.10.09 03:12:22 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution
[2010.10.09 03:10:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RapidSolution
[2010.10.09 01:50:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\TuneUpMedia
[2010.10.09 01:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Broad Intelligence
[2010.10.09 01:48:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\OpenCandy
[2010.10.09 01:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\OpenCandy
[2010.10.09 01:18:36 | 000,000,000 | ---D | C] -- C:\Mozilla
[2010.10.04 19:09:29 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.09.14 21:12:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared
[2010.03.20 02:02:33 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe68.dll
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\bass.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.10.12 07:09:45 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\sakjurr.sys
[2010.10.12 07:03:05 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.12 06:04:11 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1A5979DB-0F1E-477A-8FFA-C1E38DF649BB}.job
[2010.10.12 01:15:44 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.10.12 00:24:55 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.10.12 00:24:54 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.10.11 23:03:01 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.11 20:38:51 | 000,013,680 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.11 20:36:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.11 20:36:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.11 12:41:44 | 011,010,048 | -H-- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\NTUSER.DAT
[2010.10.11 12:12:55 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.10.11 10:13:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.11 10:02:59 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\ntuser.ini
[2010.10.11 10:02:42 | 009,152,044 | -H-- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.10.11 07:43:08 | 000,031,360 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.10.11 07:40:06 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.10 13:37:59 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 14:30:18 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.10.09 03:13:07 | 000,000,820 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunebite 7.lnk
[2010.10.09 02:05:37 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.09 00:35:07 | 000,001,868 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010.10.08 07:51:09 | 000,001,053 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.10.08 07:50:53 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\mscandc.ini
[2010.10.06 00:56:38 | 000,174,080 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 00:07:31 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\LimeWire 5.5.16.lnk
[2010.10.04 23:03:42 | 001,324,736 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.10.04 23:03:42 | 000,574,262 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.04 23:03:42 | 000,549,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.04 23:03:42 | 000,123,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.04 23:03:42 | 000,106,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.27 20:07:58 | 000,001,496 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2010.09.17 23:01:00 | 000,001,889 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.09.16 22:53:05 | 004,430,507 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\e-water flash-texte.pdf
[2010.09.15 20:24:17 | 000,023,040 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Poststelle Ahornstrasse Öffnungszeiten.doc
[2010.09.14 22:37:02 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\ScanWizard 5.lnk
[2010.09.14 22:03:26 | 000,000,035 | ---- | M] () -- C:\WINDOWS\Ulead32.INI
[2010.09.14 22:03:20 | 000,004,560 | ---- | M] () -- C:\WINDOWS\SM_25_W150.id14
[2010.09.14 22:03:20 | 000,004,560 | ---- | M] () -- C:\WINDOWS\SM_25_D150.id14
[2010.09.14 22:02:53 | 000,003,822 | ---- | M] () -- C:\WINDOWS\SM_25_W75.id14
[2010.09.14 22:02:53 | 000,003,822 | ---- | M] () -- C:\WINDOWS\SM_25_D75.id14
[2010.09.14 21:14:18 | 000,000,821 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer SP.lnk
[2010.09.14 21:13:46 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010.09.14 21:12:58 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010.09.14 21:12:58 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010.09.14 21:11:28 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.09.14 21:11:28 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.09.14 21:11:28 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.10.12 07:09:45 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\sakjurr.sys
[2010.10.10 13:37:59 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.09 03:13:07 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunebite 7.lnk
[2010.10.09 02:05:36 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.05 00:07:31 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\LimeWire 5.5.16.lnk
[2010.10.04 19:22:19 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.09.17 23:01:00 | 000,001,889 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.09.16 22:53:05 | 004,430,507 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\e-water flash-texte.pdf
[2010.09.15 20:24:17 | 000,023,040 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Poststelle Ahornstrasse Öffnungszeiten.doc
[2010.09.14 22:37:02 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\ScanWizard 5.lnk
[2010.09.14 21:14:18 | 000,000,821 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\RealPlayer SP.lnk
[2010.09.14 21:14:17 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.09.14 21:14:15 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job
[2010.08.21 19:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2010.02.15 22:23:31 | 000,001,496 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml
[2010.01.12 06:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.01.02 01:31:21 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.19 12:13:03 | 000,000,013 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\60VC14D0-20C5-16GR-07MM-Q168H3F6T000.ini
[2009.07.08 20:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009.06.26 07:52:06 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.06.26 07:52:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.06.26 07:52:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.06.26 07:52:00 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.06.26 07:52:00 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.26 07:51:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.04.11 11:43:27 | 000,001,836 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008.12.29 01:00:11 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2008.12.29 00:55:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini
[2008.12.29 00:48:13 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2008.12.29 00:48:08 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2008.12.29 00:48:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.08.15 21:21:41 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.08.01 18:17:42 | 000,000,013 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\602014D0-F6C5-16B7-54DD-7568A2F6B000.ini
[2007.12.11 22:34:01 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll
[2007.10.20 18:33:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SecurityandPrivacy3.ini
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll
[2007.07.27 22:19:15 | 000,001,868 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.07.11 23:55:40 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007.06.09 03:15:33 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C9B086CE-4A3B-11DB-8373-B622A1EF5492
[2007.06.09 02:24:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.06.02 00:53:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\pctcp.ini
[2007.06.02 00:19:47 | 000,001,269 | ---- | C] () -- C:\WINDOWS\HPDWNLD.INI
[2007.05.03 19:51:33 | 000,000,099 | ---- | C] () -- C:\WINDOWS\CCWINPAY.INI
[2007.05.03 19:51:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CChannel.ini
[2007.04.22 23:20:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2007.03.05 13:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.01.25 20:31:59 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2006.11.13 01:40:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.11.08 22:08:02 | 000,000,532 | ---- | C] () -- C:\WINDOWS\PEBE.INI
[2006.11.08 00:39:00 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2006.11.05 18:10:52 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Lunarmedia Clock B..ini
[2006.11.05 02:37:38 | 000,174,080 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.11.05 01:17:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.11.05 00:50:37 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2006.11.05 00:50:37 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2006.11.05 00:50:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006.11.05 00:50:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini
[2006.11.05 00:50:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006.11.05 00:50:36 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2006.11.05 00:50:36 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2006.11.05 00:50:36 | 000,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI
[2006.11.05 00:50:36 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2006.11.05 00:50:35 | 000,000,453 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006.11.05 00:50:35 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006.11.05 00:50:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini
[2006.11.05 00:43:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini
[2006.11.04 23:19:37 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\ogg.dll
[2006.09.12 13:10:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.12 12:57:20 | 000,002,121 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2006.09.12 12:57:17 | 000,029,903 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006.09.12 12:57:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2006.09.11 13:57:39 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll
[2004.05.04 08:29:54 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL
[2002.09.23 12:11:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2001.07.31 03:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 176 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >
OTL Extra:
OTL Extras logfile created on: 12.10.2010 07:10:29 - Run 3
OTL by OldTimer - Version 3.2.15.0 Folder = C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
1'023.00 Mb Total Physical Memory | 426.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39.07 Gb Total Space | 2.71 Gb Free Space | 6.93% Space Free | Partition Type: NTFS
Drive D: | 193.75 Gb Total Space | 44.10 Gb Free Space | 22.76% Space Free | Partition Type: FAT32
Computer Name: DAVID | User Name: David Tschudin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"25141:TCP" = 25141:TCP:*:Enabled:BitComet 25141 TCP
"25141:UDP" = 25141:UDP:*:Enabled:BitComet 25141 UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Programme\ftp-uploader\FTPUploader.exe" = C:\Programme\ftp-uploader\FTPUploader.exe:*:Enabled:ftpuploader.de -- (sysb)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found
"C:\Programme\uTorrent\utorrent.exe" = C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe" = C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- File not found
"C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0 -- (Sony Creative Software Inc.)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Programme\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Programme\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- File not found
"C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04584A06-E3DA-4A8F-A1A9-E91EFF5B6829}" = GB-PVR
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B562FD-E90D-4DC8-89E8-75C706D06E2B}" = Sony Media Manager 2.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = Microtek FineReader OCR Engine
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{408FA92C-0766-48A1-8055-D6DFD27B7C2B}" = C-CHANNEL OnlineUpdate
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0
"{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}" = Disc2Phone
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C499C8-AB66-11D5-BFC3-0050DADD1B5E}" = C-CHANNEL e-banking (PAYMAKER / NetBanking)
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D59AB1B-B564-44AC-B57F-701A090A7380}" = ASUS nVidia Driver
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{935FF092-EEBA-4E97-8C1B-CD2364F392A4}" = Dimension 4 v5.0
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A250A639-C739-4B6E-99CD-C11F589A8369}" = Documents Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6871F03-E140-4559-8940-AD1CC3D58CEE}" = Sony Ericsson PC Suite
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE085E37-93BB-4CB5-BA98-9777A393EDCE}" = Tunebite
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC888258-F37C-11D2-9594-00A0C9CD527E}" = Fotoalbum-Add-In
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Premium
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"4528-3220-6381-2600" = BalTax 2009 5.0.1
"7-Zip" = 7-Zip 4.57
"Active Disk" = Active Disk
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Astalavista_is1" = Astalavista
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BalTax 2008 4.0.2" = BalTax 2008 4.0.2
"Banana50_is1" = Banana Buchhaltung 5.0
"Banana60_is1" = Banana Buchhaltung 6.0
"Brother HL-5140" = Brother HL-5140
"Browser Defender_is1" = Browser Defender 2.0.6.15
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E-Finance Java Edition" = E-Finance Java Edition
"eSalaryReport" = eSalaryReport
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FreePDF_XP" = FreePDF XP (Remove only)
"ftp-uploader" = ftp-uploader
"GMX MultiMessenger" = GMX MultiMessenger
"Google Updater" = Google Updater
"GPL Ghostscript 8.15" = GPL Ghostscript 8.15
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IomegaWare" = IomegaWare 4.0.2
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full)
"LimeWire" = LimeWire 5.5.16
"Lunarmedia Clock B." = Lunarmedia Clock B.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PCFriendly" = PCFriendly
"RAR Password Cracker" = RAR Password Cracker 4.12
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Screensaver SBB" = Screensaver SBB
"Snapform Viewer 1.6.02" = Snapform Viewer 1.6.02
"SofTax GR 2006NP 2007JP" = SofTax GR 2006NP 2007JP
"SofTax GR 2007NP 2008JP" = SofTax GR 2007NP 2008JP
"SofTax GR 2009 JP" = SofTax GR 2009 JP
"Spyware Doctor" = Spyware Doctor 7.0
"Sweepi_is1" = Sweepi 5.4.00
"Sybase SQL Anywhere 5.0" = Sybase SQL Anywhere 5.0
"SystemRequirementsLab" = System Requirements Lab
"Update Service" = Update Service
"VLC media player" = VLC media player 1.1.4
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 2.1.2.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08.10.2010 20:01:35 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 08.10.2010 20:08:44 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 08.10.2010 21:48:32 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 09.10.2010 08:36:41 | Computer Name = DAVID | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 11.10.2010 20:03:08 | Computer Name = DAVID | Source = Google Update | ID = 20
Description =
Error - 11.10.2010 21:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description =
Error - 11.10.2010 22:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description =
Error - 11.10.2010 23:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description =
Error - 12.10.2010 00:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description =
Error - 12.10.2010 01:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 11.10.2010 01:40:25 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 11.10.2010 01:40:25 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 11.10.2010 04:04:13 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 11.10.2010 04:04:13 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 11.10.2010 04:13:38 | Computer Name = DAVID | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1068" aufgetreten, als der Dienst "upnphost"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56}
Error - 11.10.2010 04:13:38 | Computer Name = DAVID | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 11.10.2010 06:41:09 | Computer Name = DAVID | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Avira
AntiVir Guard.
Error - 11.10.2010 06:41:09 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira AntiVir Guard" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 11.10.2010 14:36:52 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 11.10.2010 14:36:52 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
< End of report > --- --- ---
Avira AntiVir reports the following under Events: Quote:
In der Datei 'C:\System Volume Information\_restore{501B0B1F-681F-4EC7-A8C2-3BC3CF395666}\RP513\A0134569.DLL'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
| And: Quote:
In der Datei 'C:\WINDOWS\Temp\DVADBH'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen3' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
| I deleted the Temp folder using the cleanup wizard of Sweepi 5.4 (YooApplications, you say what you want!).
AntiVir then reported over 160 viruses C:\Windows\Temp\TMP.. (Crypt.XPACK.Gen3) in the Temp folder to me.
Are these over 160 error messages that I have to report to AntiVir? |