
Log analysis and evaluation: TR/Crypt.ZPACK.Gen once again.

24.04.2010, 19:11   #1
trigger_de
 
Hello, I'm asking for help with the trojan TR/Crypt.ZPACK.Gen, which has been bugging me for quite a while.
Unfortunately I haven't managed to remove it so far.
Despite Malwarebytes (latest version) and Spywareblaster.
Only Avira's Guard (latest version) finds it.
And I'm not even aware of having downloaded anything, etc...
Here is the HijackThis excerpt:
----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:50, on 24.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE
D:\Programme\Nero9\Nero 9\InCD\InCDSrv.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Klebezettel NG\klebez.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Klebezettel NG] "C:\Programme\Klebezettel NG\klebez.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: hxxp://fpdownload.macromedia.com
O15 - Trusted Zone: hxxp://www.macromedia.com
O15 - Trusted Zone: hxxp://sdc.shockwave.com
O15 - Trusted Zone: hxxp://*.shoutcast.com
O15 - Trusted Zone: hxxp://*.winamp.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDSrv) - Nero AG - D:\Programme\Nero9\Nero 9\InCD\InCDSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Unknown owner - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - D:\Programme\Nero9\Nero 9\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5101 bytes

-------------
Many thanks in advance,
Trigger_de

25.04.2010, 14:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Quote:
Despite Malwarebytes (latest version) and Spywareblaster.
Please post all of the log files. Then run OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

25.04.2010, 17:27   #3
trigger_de
 
OTL logfile created on: 25.04.2010 18:19:09 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Down
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,55 Gb Total Space | 12,07 Gb Free Space | 47,26% Space Free | Partition Type: NTFS
Drive D: | 406,70 Gb Total Space | 146,58 Gb Free Space | 36,04% Space Free | Partition Type: NTFS
Drive E: | 33,51 Gb Total Space | 24,81 Gb Free Space | 74,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMD
Current User Name: Manni
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Down\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Klebezettel NG\klebez.exe (Hollie-Soft)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - D:\Programme\Nero9\Nero 9\InCD\InCDSrv.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Down\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (NBService) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (InCDSrv) -- D:\Programme\Nero9\Nero 9\InCD\InCDSrv.exe (Nero AG)
SRV - (NeroRegInCDSrv) -- D:\Programme\Nero9\Nero 9\InCD\NBHRegInCDSrv.exe (Nero AG)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RRNetCapMP) -- C:\WINDOWS\system32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (RRNetCap) -- C:\WINDOWS\system32\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (InCDRm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDFs) -- C:\WINDOWS\system32\drivers\InCDFs.sys (Nero AG)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (cm102u32) -- C:\WINDOWS\system32\drivers\c6501.sys (C-Media Inc)
DRV - (c65013264) -- C:\WINDOWS\system32\drivers\c6501.sys (C-Media Inc)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (kbfilter) -- C:\WINDOWS\system32\drivers\kbfilter.sys (WayTech Development, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "GoogleFeed.net"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.backup.ftp: "hxxp://newyearspirit.co.cc/"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: "hxxp://newyearspirit.co.cc/"
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "hxxp://newyearspirit.co.cc/"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "hxxp://newyearspirit.co.cc/"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "hxxp://newyearspirit.co.cc/"
FF - prefs.js..network.proxy.gopher: "hxxp://newyearspirit.co.cc/"
FF - prefs.js..network.proxy.http: "hxxp://newyearspirit.co.cc/"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "hxxp://newyearspirit.co.cc/"
FF - prefs.js..network.proxy.ssl: "hxxp://newyearspirit.co.cc/"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.02.28 14:40:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.02 11:53:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.20 17:59:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.03.31 07:37:17 | 000,000,000 | ---D | M]

[2010.02.09 00:26:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Extensions
[2010.02.09 00:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.04.25 09:24:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\extensions
[2010.01.18 14:05:15 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.01.23 19:35:59 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.04.13 15:20:46 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009.08.23 07:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2010.01.08 14:31:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.08.28 21:19:06 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.09 13:21:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.05.19 18:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\extensions\moveplayer@movenetworks.com
[2009.11.14 20:29:26 | 000,000,003 | ---- | M] () -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\Mozilla\Firefox\Profiles\prymplv5.default\searchplugins\GoogleFeed.xml
[2010.04.25 09:24:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.20 17:59:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.20 17:59:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.03.12 09:09:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 09:09:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 09:09:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 09:09:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 09:09:03 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.25 11:26:01 | 000,392,788 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13564 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [C6501Sound] File not found
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [Klebezettel NG] C:\Programme\Klebezettel NG\klebez.exe (Hollie-Soft)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 11
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: macromedia.com ([fpdownload] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: macromedia.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: shockwave.com ([sdc] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: shoutcast.com ([]http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: winamp.com ([]http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\ufxw.exe) - C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\ufxw.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Manni\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Manni\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.26 12:27:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.06.26 12:27:07 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.01.20 08:20:32 | 000,000,000 | ---D | M] - E:\Automusik -- [ NTFS ]
O33 - MountPoints2\{13c9f183-8c54-11dd-9d0a-001bfcafac21}\Shell\AutoRun\command - "" = M:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O33 - MountPoints2\{83648aea-793e-11de-9b4b-001bfcafac21}\Shell\AutoRun\command - "" = H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.25 12:10:47 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Manni\Recent
[2010.04.25 12:10:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.04.25 12:10:34 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.04.25 12:07:23 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.25 12:07:17 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.04.25 11:07:05 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.04.25 11:07:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.04.24 19:28:51 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.23 16:35:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Manni\Anwendungsdaten\vlc
[2010.04.23 16:24:18 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Manni\UserData
[2010.04.23 14:57:51 | 000,000,000 | ---D | C] -- C:\Programme\SpywareBlaster
[2010.04.23 08:21:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.04.23 08:07:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.04.20 17:59:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.04.20 17:59:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.04.20 17:59:21 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.20 17:59:21 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.20 17:59:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.20 17:59:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.20 17:59:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.11 14:09:00 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack
[2010.04.11 14:08:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2010.04.11 14:06:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Manni\Lokale Einstellungen\Anwendungsdaten\RapidSolution
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.25 18:18:36 | 015,204,352 | ---- | M] () -- C:\Dokumente und Einstellungen\Manni\NTUSER.DAT
[2010.04.25 18:16:53 | 077,690,912 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.04.25 18:00:02 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.04.25 12:15:40 | 000,000,872 | ---- | M] () -- C:\WINDOWS\System\C6501.ini
[2010.04.25 12:13:48 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.25 12:12:19 | 000,358,830 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.04.25 12:11:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.25 12:11:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.25 12:10:56 | 000,917,036 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.04.25 12:10:48 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Manni\ntuser.ini
[2010.04.25 12:10:33 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.04.25 12:10:30 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.25 12:07:22 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.04.25 11:26:01 | 000,392,788 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.25 10:14:03 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.04.24 14:10:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.24 11:38:25 | 003,172,470 | -H-- | M] () -- C:\Dokumente und Einstellungen\Manni\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.24 01:01:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.23 16:34:55 | 000,000,595 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.04.23 16:33:41 | 018,499,623 | ---- | M] () -- C:\Dokumente und Einstellungen\Manni\Eigene Dateien\vlc-1.0.5-win32.exe
[2010.04.23 14:57:54 | 000,000,670 | ---- | M] () -- C:\Dokumente und Einstellungen\Manni\Desktop\SpywareBlaster.lnk
[2010.04.23 08:00:06 | 000,086,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Manni\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.20 17:59:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.20 17:59:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.20 17:59:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.20 17:59:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.20 17:59:10 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.16 08:18:52 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2010.04.12 18:17:27 | 000,010,460 | ---- | M] () -- C:\Dokumente und Einstellungen\Manni\Eigene Dateien\devk.odt
[2010.04.12 09:12:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.11 14:21:20 | 000,000,118 | ---- | M] () -- C:\WINDOWS\Podcasts.INI
[2010.04.10 14:38:59 | 000,000,571 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.29 08:39:45 | 001,043,836 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.29 08:39:45 | 000,448,918 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.03.29 08:39:45 | 000,432,856 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.29 08:39:45 | 000,080,464 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.03.29 08:39:45 | 000,067,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.27 11:00:52 | 000,002,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Manni\Eigene Dateien\Ferien_Nordrhein_Westfalen_2010.ics
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.25 13:27:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.25 12:13:46 | 000,000,470 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.25 12:07:22 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.04.24 01:01:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.04.23 16:34:55 | 000,000,595 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.04.23 16:32:25 | 018,499,623 | ---- | C] () -- C:\Dokumente und Einstellungen\Manni\Eigene Dateien\vlc-1.0.5-win32.exe
[2010.04.23 14:57:54 | 000,000,670 | ---- | C] () -- C:\Dokumente und Einstellungen\Manni\Desktop\SpywareBlaster.lnk
[2010.04.12 18:17:26 | 000,010,460 | ---- | C] () -- C:\Dokumente und Einstellungen\Manni\Eigene Dateien\devk.odt
[2010.04.11 14:21:20 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010.03.27 11:01:15 | 000,002,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Manni\Eigene Dateien\Ferien_Nordrhein_Westfalen_2010.ics
[2010.02.20 12:35:55 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.09.29 19:23:20 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009.07.26 09:10:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2009.07.26 09:09:48 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini
[2009.07.26 09:08:49 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
[2009.07.26 09:08:47 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2009.07.26 09:08:47 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2009.06.27 09:45:58 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.04.04 11:07:00 | 000,000,262 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2009.03.31 19:15:12 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.03.31 19:15:12 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.03.31 19:15:12 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.03.31 18:48:49 | 000,000,360 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009.03.02 11:33:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.15 22:12:57 | 000,000,021 | ---- | C] () -- C:\WINDOWS\wincig.ini
[2008.10.19 18:16:24 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll
[2008.09.27 11:50:39 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2008.08.06 15:21:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.07.19 21:30:17 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2008.07.19 21:30:17 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2008.07.19 21:30:05 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008.07.01 22:57:58 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.07.01 22:57:58 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.06.28 11:09:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\C6501rm.dll
[2008.06.28 11:09:57 | 000,000,133 | ---- | C] () -- C:\WINDOWS\C6501.ini.cfl
[2008.06.28 11:08:48 | 000,004,571 | ---- | C] () -- C:\WINDOWS\C6501.ini.cfg
[2008.06.27 20:00:35 | 000,000,326 | ---- | C] () -- C:\WINDOWS\c6501.ini
[2008.06.27 15:56:30 | 000,006,172 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.06.26 12:52:48 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.06.26 12:52:44 | 000,013,069 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.06.26 12:52:28 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FB1B13D8
< End of report >

------------------

OTL Extras logfile created on: 25.04.2010 18:19:09 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Down
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,55 Gb Total Space | 12,07 Gb Free Space | 47,26% Space Free | Partition Type: NTFS
Drive D: | 406,70 Gb Total Space | 146,58 Gb Free Space | 36,04% Space Free | Partition Type: NTFS
Drive E: | 33,51 Gb Total Space | 24,81 Gb Free Space | 74,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMD
Current User Name: Manni
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Klebezettel NG\klebez.exe" = C:\Programme\Klebezettel NG\klebez.exe:*:Enabled:Elektronische Haftnotizen für Windows -- (Hollie-Soft)
"C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03030CB1-AEA1-90F8-6442-AC063AA1AE20}" = ccc-core-static
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12285AC5-1F0A-4E74-A870-9E4889A23BCF}" = InCD
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1A5F9CD3-7BD3-F68F-1267-7C1157AFE531}" = Catalyst Control Center Graphics Full New
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29082A9B-0144-5189-78B3-1E8D47DD644D}" = ccc-core-preinstall
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3350F250-FF14-4CD4-97CF-F54239B31EC6}" = UltraEdit 14.20
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F58E241-0649-4ECA-805D-5A7B7943801D}" = Radiotracker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.5)
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{71CFE572-6C01-96C4-F90E-36C147C98123}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{870FB7F0-59C3-099B-4ABF-A9F977393EE9}" = ccc-utility
"{885DDF98-4E4C-4D80-59C9-B785F2D314E4}" = Catalyst Control Center Graphics Previews Common
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6EB4CB7-DA32-2FAA-7078-7C0C2882D9DF}" = CCC Help English
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{a8c51a8f-00d7-4fef-85aa-0b674101fe8a}" = Nero 9
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B918272C-7E6E-194F-53E9-D3B566480686}" = Catalyst Control Center Graphics Light
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C8A92B59-E083-7715-F78F-FDD77B121C3C}" = Catalyst Control Center HydraVision Full
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E6445FCC-EAF6-4E35-9E72-6EF105A4C177}" = HDView for Firefox
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{F1BCD1EA-73CE-B1BF-70DC-A1A6EF3132EE}" = Catalyst Control Center Graphics Full Existing
"{F2E92959-8856-6656-BE20-4E2F6685F170}" = Catalyst Control Center Core Implementation
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"7-Zip" = 7-Zip 4.57
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AllDup_is1" = AllDup 2.1.10
"Any Video Converter_is1" = Any Video Converter 3.0.3
"AnyDVD" = AnyDVD
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.8.2" = Biet-O-Matic v2.8.2
"CCleaner" = CCleaner
"ClipMagic_3.1" = ClipMagic 3.2.5
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Cossacks : The Art Of War" = Cossacks - The Art Of War
"easyshare" = MicroLink EasyShare
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EW : Cossacks" = Cossacks - European Wars
"Generic 6501 Sound" = C-Media 6501 Sound
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Incadia" = Incadia
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"NVIDIA Drivers" = NVIDIA Drivers
"Pass4sure for IBM LOT-847" = Pass4sure for IBM LOT-847 4.34
"Pass4sure for IBM LOT-848" = Pass4sure for IBM LOT-848 4.34
"Pass4sure for IBM LOT-849" = Pass4sure for IBM LOT-849 4.40
"Pharao" = Pharao
"Pharaoh" = Pharao
"Pidgin" = Pidgin
"RealPlayer 12.0" = RealPlayer
"SpeedSim" = SpeedSim
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"

Alt 25.04.2010, 17:47   #4
trigger_de
 

For some reason I cannot post the Extras.
I get:
Fehler: Verbindung unterbrochen

Alt 25.04.2010, 17:50   #5
trigger_de
 

Other posts go through without problems.
I was able to add part of the file above, to the first post with the first log file.


Alt 25.04.2010, 21:47   #6
trigger_de
 

OTL Extras logfile created on: 25.04.2010 22:44:06 - Run 3
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Down
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 25,55 Gb Total Space | 12,08 Gb Free Space | 47,27% Space Free | Partition Type: NTFS
Drive D: | 406,70 Gb Total Space | 146,58 Gb Free Space | 36,04% Space Free | Partition Type: NTFS
Drive E: | 33,51 Gb Total Space | 24,81 Gb Free Space | 74,02% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AMD
Current User Name: Manni
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Klebezettel NG\klebez.exe" = C:\Programme\Klebezettel NG\klebez.exe:*:Enabled:Elektronische Haftnotizen für Windows -- (Hollie-Soft)
"C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Programme\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03030CB1-AEA1-90F8-6442-AC063AA1AE20}" = ccc-core-static
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12285AC5-1F0A-4E74-A870-9E4889A23BCF}" = InCD
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1A5F9CD3-7BD3-F68F-1267-7C1157AFE531}" = Catalyst Control Center Graphics Full New
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29082A9B-0144-5189-78B3-1E8D47DD644D}" = ccc-core-preinstall
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3350F250-FF14-4CD4-97CF-F54239B31EC6}" = UltraEdit 14.20
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3F58E241-0649-4ECA-805D-5A7B7943801D}" = Radiotracker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4F81901F-3655-4340-8227-F687F69A3C79}}_is1" = Klebezettel NG (Version 2.9.5)
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{71CFE572-6C01-96C4-F90E-36C147C98123}" = Catalyst Control Center InstallProxy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{870FB7F0-59C3-099B-4ABF-A9F977393EE9}" = ccc-utility
"{885DDF98-4E4C-4D80-59C9-B785F2D314E4}" = Catalyst Control Center Graphics Previews Common
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6EB4CB7-DA32-2FAA-7078-7C0C2882D9DF}" = CCC Help English
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{a8c51a8f-00d7-4fef-85aa-0b674101fe8a}" = Nero 9
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B918272C-7E6E-194F-53E9-D3B566480686}" = Catalyst Control Center Graphics Light
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C8A92B59-E083-7715-F78F-FDD77B121C3C}" = Catalyst Control Center HydraVision Full
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E6445FCC-EAF6-4E35-9E72-6EF105A4C177}" = HDView for Firefox
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{F1BCD1EA-73CE-B1BF-70DC-A1A6EF3132EE}" = Catalyst Control Center Graphics Full Existing
"{F2E92959-8856-6656-BE20-4E2F6685F170}" = Catalyst Control Center Core Implementation
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"7-Zip" = 7-Zip 4.57
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AllDup_is1" = AllDup 2.1.10
"Any Video Converter_is1" = Any Video Converter 3.0.3
"AnyDVD" = AnyDVD
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.8.2" = Biet-O-Matic v2.8.2
"CCleaner" = CCleaner
"ClipMagic_3.1" = ClipMagic 3.2.5
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Cossacks : The Art Of War" = Cossacks - The Art Of War
"easyshare" = MicroLink EasyShare
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EW : Cossacks" = Cossacks - European Wars
"Generic 6501 Sound" = C-Media 6501 Sound
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Incadia" = Incadia
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.17
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"NVIDIA Drivers" = NVIDIA Drivers
"Pass4sure for IBM LOT-847" = Pass4sure for IBM LOT-847 4.34
"Pass4sure for IBM LOT-848" = Pass4sure for IBM LOT-848 4.34
"Pass4sure for IBM LOT-849" = Pass4sure for IBM LOT-849 4.40
"Pharao" = Pharao
"Pharaoh" = Pharao
"Pidgin" = Pidgin
"RealPlayer 12.0" = RealPlayer
"SpeedSim" = SpeedSim
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"tvbrowser" = TV-Browser 2.7.5
"Tweak UI 2.10" = Tweak UI
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.5
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"X - Beyond the Frontier" = X - Beyond the Frontier
"XMedia Recode" = XMedia Recode 2.1.8.4
"xp-AntiSpy" = xp-AntiSpy 3.97-2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Youporn Video Downloader_is1" = Youporn Video Downloader 3.16
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 25.04.2010 16:41:35 | Computer Name = AMD | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 25.04.2010 16:41:35 | Computer Name = AMD | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.

Error - 25.04.2010 16:41:42 | Computer Name = AMD | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


< End of report >

25.04.2010, 21:49   #7
trigger_de

OK, this time it worked.
Thanks in advance.

25.04.2010, 21:58   #8
trigger_de

Perhaps one more piece of information after all.
Earlier I ran Spybot - Search & Destroy and Ad-Aware.
I also had both programs fix the problems they found right away.
The error messages have not appeared again so far.

26.04.2010, 11:18   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I also had both programs fix the problems they found right away.
The error messages have not appeared again so far.

You also need to describe the problems that were found in more detail. Ideally, post the logs from both programs.
You haven't posted the Malwarebytes log yet either.
__________________
Please always post log files in CODE tags
