Log analysis and evaluation: I'm infected with TR/Crypt.XPACK.Gen3, how do I get rid of it?
16.10.2010, 19:24 | #1
I'm infected with TR/Crypt.XPACK.Gen3, how do I get rid of it?

Hello,

I found you via Google and, following other threads, have already made various preparations for analysing and removing the virus. Unfortunately my PC is still infected with the virus TR/Crypt.XPACK.Gen3.

Avira AntiVir has the following in its quarantine:

Is the Trojan horse TR/Crypt.XPACK.Gen3
Source: C:\WINDOWS\Temp\TMPAC.tmp

and

Is the Trojan horse TR/Crypt.PEPM.Gen
Source: C:\WINDOWS\Temp\TMP20D.tmp

Malwarebytes' Anti-Malware found the following:

Trojan.Downloader
Source: C:\WINDOWS\Temp\TMP6F1.tmp

Log file: Quote:
OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.10.2010 20:16:06 - Run 4 OTL by OldTimer - Version 3.2.15.0 Folder = C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1'023.00 Mb Total Physical Memory | 371.00 Mb Available Physical Memory | 36.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39.07 Gb Total Space | 4.39 Gb Free Space | 11.23% Space Free | Partition Type: NTFS Drive D: | 193.75 Gb Total Space | 44.11 Gb Free Space | 22.77% Space Free | Partition Type: FAT32 Computer Name: DAVID | User Name: David Tschudin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools) PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - c:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG) PRC - C:\Programme\ScanWizard 5\ScannerFinder.exe () PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
PRC - C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\D4\D4.exe (Thinking Man Software) PRC - C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) PRC - C:\Programme\Iomega\AutoDisk\ADService.exe (Iomega Corporation) PRC - C:\Programme\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation) PRC - C:\Programme\Iomega\System32\AppServices.exe (Iomega Corporation) PRC - C:\Programme\Iomega\DriveIcons\Imgicon.exe (Iomega) PRC - C:\Programme\Microsoft Office\Office\OUTLOOK.EXE (Microsoft Corporation) PRC - C:\WINDOWS\system32\BRSS01A.EXE (brother Industries Ltd) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner\OTL.exe (OldTimer Tools) MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll () MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Spyware Doctor\smum32.dll (PC Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.) 
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\Iomega\DriveIcons\Imghook.dll (Iomega Corporation) ========== Win32 Services (SafeList) ========== SRV - (Iomega Activity Disk2) -- File not found SRV - (GB-PVR Recording Service) -- C:\Programme\Devnz\GBPVR\GBPVRRecordingService.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (AntiVirUpgradeService) -- File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools) SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.) 
SRV - (MSSQL$SONY_MEDIAMGR2) SQL Server (SONY_MEDIAMGR2) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\BRSVC01A.EXE (brother Industries Ltd) SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Programme\Iomega\AutoDisk\ADService.exe (Iomega Corporation) SRV - (Iomega App Services) -- C:\Programme\Iomega\System32\AppServices.exe (Iomega Corporation) ========== Driver Services (SafeList) ========== DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - 
(avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1029unic.sys (MCCI Corporation) DRV - (s1029mdm) -- C:\WINDOWS\system32\drivers\s1029mdm.sys (MCCI Corporation) DRV - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\WINDOWS\system32\drivers\s1029bus.sys (MCCI Corporation) DRV - (s1029mdfl) -- C:\WINDOWS\system32\drivers\s1029mdfl.sys (MCCI Corporation) DRV - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1029mgmt.sys (MCCI Corporation) DRV - (s1029obex) -- C:\WINDOWS\system32\drivers\s1029obex.sys (MCCI Corporation) DRV - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1029nd5.sys (MCCI Corporation) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation) DRV - 
(s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.) DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\WINDOWS\system32\drivers\s217unic.sys (MCCI) DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s217mgmt.sys (MCCI Corporation) DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation) DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\WINDOWS\system32\drivers\s217nd5.sys (MCCI Corporation) DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation) DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation) DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (hcw88rc5) -- C:\WINDOWS\system32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.) 
DRV - (w800obex) -- C:\WINDOWS\system32\drivers\w800obex.sys (MCCI) DRV - (w800mgmt) -- C:\WINDOWS\system32\drivers\w800mgmt.sys (MCCI) DRV - (w800mdm) -- C:\WINDOWS\system32\drivers\w800mdm.sys (MCCI) DRV - (w800mdfl) -- C:\WINDOWS\system32\drivers\w800mdfl.sys (MCCI) DRV - (w800bus) Sony Ericsson W800 driver (WDM) -- C:\WINDOWS\system32\drivers\w800bus.sys (MCCI) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (LHidUsbK) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.) DRV - (LHidKe) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.) DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation) DRV - (BrPar) -- C:\WINDOWS\System32\drivers\BrPar.sys (Brother Industries Ltd.) DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.uira.ch/" FF - 
prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 44 FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5 FF - prefs.js..extensions.enabledItems: de-CH@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.5.1 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.14 21:14:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.09 01:18:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.09 02:05:36 | 000,000,000 | ---D | M] [2009.02.13 01:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Extensions [2009.02.13 01:58:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2010.10.15 23:23:13 
| 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions [2010.09.25 17:07:50 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2010.10.01 18:10:54 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.04.29 23:14:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.29 23:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash [2010.09.11 18:20:04 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.10.15 23:02:01 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2010.10.09 14:13:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.06.01 19:14:32 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009.09.11 01:26:54 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009.12.19 11:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\brief@mozdev.org [2010.02.13 23:55:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\de-CH@dictionaries.addons.mozilla.org [2010.10.09 14:14:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\firefox@facebook.com [2010.03.06 03:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions [2010.03.03 21:11:58 | 000,000,000 | ---D | M] (CS Lite) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0} [2010.03.03 21:11:59 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593} [2010.03.03 21:12:00 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.03.03 21:11:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.03.03 21:11:57 | 000,000,000 | ---D 
| M] (Adblock Plus) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.03 21:12:00 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4} [2010.10.15 23:23:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.11.05 02:26:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.04.22 23:02:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.08 19:39:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2009.06.04 00:13:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\staff@hide-my-ip.com [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.11 22:18:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.11 22:18:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.11 22:18:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.11 22:18:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.11 22:18:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2007.05.05 00:28:08 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Programme\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ADUserMon] C:\Programme\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Deskup] C:\Programme\Iomega\DriveIcons\deskup.exe (Iomega) O4 - HKLM..\Run: [Dimension4] C:\Programme\D4\D4.exe (Thinking Man Software) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\Imgicon.exe (Iomega) O4 - HKLM..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Power2GoExpress] File not found O4 - HKCU..\Run: [smartproc] C:\WINDOWS\System32\ktyhybch.exe File not found O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Scanner Finder.lnk = C:\Programme\ScanWizard 5\ScannerFinder.exe () O4 - Startup: C:\Dokumente und Einstellungen\David Tschudin\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Dokumente und Einstellungen\David Tschudin\Startmenü\Programme\Autostart\GB-PVR Tray.lnk = C:\Programme\Devnz\GBPVR\GBPVRTray.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) 
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (SentinelProxy Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157976344140 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162940245546 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.12.130.66 193.246.253.10 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim 
{828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: UtilAdm - {2BC3C43D-A90E-88B3-EAA7-08BF1B01B0A7} - C:\Programme\tuyidgc\UtilAdm.dll File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.11 13:22:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell - "" = AutoRun O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{3e370bd8-337e-11df-b3f8-000fea4c9049}\Shell\AutoRun\command - "" = G:\Startme.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.13 18:58:52 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.13 18:58:51 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.13 18:58:39 | 000,617,472 | ---- | C] (Microsoft Corporation) 
-- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.10.12 18:50:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Crealogix [2010.10.12 18:46:41 | 000,000,000 | ---D | C] -- C:\Programme\Documents Manager 3 [2010.10.12 12:06:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Esther [2010.10.11 00:07:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner [2010.10.10 13:38:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Malwarebytes [2010.10.10 13:37:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.10.10 13:37:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.10.10 13:37:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.10.10 13:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.09 03:17:51 | 000,000,000 | ---D | C] -- C:\Programme\PixiePack Codec Pack [2010.10.09 03:12:22 | 000,000,000 | ---D | C] -- C:\Programme\RapidSolution [2010.10.09 03:10:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RapidSolution [2010.10.09 01:50:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\TuneUpMedia [2010.10.09 01:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Broad Intelligence [2010.10.09 01:48:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\OpenCandy [2010.10.09 01:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\OpenCandy [2010.10.09 01:18:36 | 000,000,000 | ---D | C] -- C:\Mozilla [2010.10.04 19:09:29 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime 
[2010.03.20 02:02:33 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe68.dll [2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\CDRip.dll [2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\No23 Recorder.exe [2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\basscd.dll [2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\bass.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.16 20:18:14 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1A5979DB-0F1E-477A-8FFA-C1E38DF649BB}.job [2010.10.16 20:03:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.10.16 19:59:48 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2010.10.16 18:00:04 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job [2010.10.16 18:00:04 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job [2010.10.16 16:50:53 | 000,013,680 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.16 16:48:43 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.10.16 16:48:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.10.16 16:48:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.16 08:01:26 | 011,010,048 | -H-- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\NTUSER.DAT [2010.10.15 
19:09:28 | 009,700,322 | -H-- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.10.14 23:52:16 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\ntuser.ini [2010.10.13 20:05:11 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.12 18:47:31 | 000,001,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Documents Manager 3.lnk [2010.10.11 12:12:55 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.10.11 10:13:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.10.11 07:43:08 | 000,031,360 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.10.10 13:37:59 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.09 14:30:18 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.10.09 03:13:07 | 000,000,820 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunebite 7.lnk [2010.10.09 02:05:37 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.10.09 00:35:07 | 000,001,868 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2010.10.08 07:51:09 | 000,001,053 | ---- | M] () -- C:\WINDOWS\win.ini [2010.10.08 07:50:53 | 000,000,039 | ---- | M] () -- C:\WINDOWS\System32\mscandc.ini [2010.10.06 00:56:38 | 000,174,080 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.05 00:07:31 | 000,001,544 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\LimeWire 5.5.16.lnk [2010.10.04 23:03:42 | 001,324,736 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.10.04 23:03:42 | 000,574,262 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat 
[2010.10.04 23:03:42 | 000,549,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.04 23:03:42 | 000,123,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.04 23:03:42 | 000,106,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.09.27 20:07:58 | 000,001,496 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml [2010.09.18 12:22:58 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll [2010.09.18 12:22:58 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll [2010.09.18 08:52:56 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll [2010.09.18 08:52:56 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.09.18 08:52:56 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll [2010.09.18 08:52:56 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010.09.18 08:52:56 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll [2010.09.18 08:52:56 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.09.17 23:01:00 | 000,001,889 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2010.09.16 22:53:05 | 004,430,507 | ---- | M] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\e-water flash-texte.pdf [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.12 21:26:11 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job [2010.10.12 18:47:31 | 000,001,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Documents Manager 3.lnk [2010.10.10 13:37:59 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\All 
Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.09 03:13:07 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Tunebite 7.lnk [2010.10.09 02:05:36 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.10.05 00:07:31 | 000,001,544 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\LimeWire 5.5.16.lnk [2010.10.04 19:22:19 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.09.17 23:01:00 | 000,001,889 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2010.09.16 22:53:05 | 004,430,507 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Desktop\e-water flash-texte.pdf [2010.08.21 19:49:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2010.02.15 22:23:31 | 000,001,496 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RecConfig.xml [2010.01.12 06:35:44 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010.01.02 01:31:21 | 000,767,928 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.09.19 12:13:03 | 000,000,013 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\60VC14D0-20C5-16GR-07MM-Q168H3F6T000.ini [2009.07.08 20:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2009.06.26 07:52:06 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009.06.26 07:52:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009.06.26 07:52:00 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009.06.26 07:52:00 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.06.26 07:52:00 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.06.26 07:51:57 | 000,000,547 | ---- | C] () -- 
C:\WINDOWS\System32\ff_vfw.dll.manifest [2009.04.11 11:43:27 | 000,001,836 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2008.12.29 01:00:11 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI [2008.12.29 00:55:25 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini [2008.12.29 00:48:13 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini [2008.12.29 00:48:08 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys [2008.12.29 00:48:08 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.08.15 21:21:41 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008.08.01 18:17:42 | 000,000,013 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\602014D0-F6C5-16B7-54DD-7568A2F6B000.ini [2007.12.11 22:34:01 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll [2007.10.20 18:33:12 | 000,000,042 | ---- | C] () -- C:\WINDOWS\SecurityandPrivacy3.ini [2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Dokumente 
und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll [2007.07.27 22:19:15 | 000,001,868 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.07.11 23:55:40 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini [2007.06.09 03:15:33 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C9B086CE-4A3B-11DB-8373-B622A1EF5492 [2007.06.09 02:24:48 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.06.02 00:53:50 | 000,000,067 | ---- | C] () -- C:\WINDOWS\pctcp.ini [2007.06.02 00:19:47 | 000,001,269 | ---- | C] () -- C:\WINDOWS\HPDWNLD.INI [2007.05.03 19:51:33 | 000,000,099 | ---- | C] () -- C:\WINDOWS\CCWINPAY.INI [2007.05.03 19:51:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\CChannel.ini [2007.04.22 23:20:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI [2007.03.05 13:34:28 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007.01.25 20:31:59 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2006.11.13 01:40:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006.11.08 22:08:02 | 000,000,532 | ---- | C] () -- C:\WINDOWS\PEBE.INI [2006.11.08 00:39:00 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2006.11.05 18:10:52 | 000,000,055 | ---- | C] () -- C:\WINDOWS\Lunarmedia Clock B..ini [2006.11.05 02:37:38 | 000,174,080 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.11.05 01:17:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.11.05 00:50:37 | 000,000,141 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI [2006.11.05 00:50:37 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI [2006.11.05 00:50:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2006.11.05 00:50:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\bw5140.ini [2006.11.05 00:50:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2006.11.05 00:50:36 | 
000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2006.11.05 00:50:36 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL [2006.11.05 00:50:36 | 000,015,108 | ---- | C] () -- C:\WINDOWS\HL-5140.INI [2006.11.05 00:50:36 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL [2006.11.05 00:50:35 | 000,000,453 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2006.11.05 00:50:35 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2006.11.05 00:50:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\BRSS01A.ini [2006.11.05 00:43:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini [2006.11.04 23:19:37 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll [2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll [2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbis.dll [2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\ogg.dll [2006.09.12 13:10:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.09.12 12:57:20 | 000,002,121 | ---- | C] () -- C:\WINDOWS\vtplus32.ini [2006.09.12 12:57:17 | 000,029,903 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2006.09.12 12:57:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll [2006.09.11 13:57:39 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll [2004.05.04 08:29:54 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\HPB2550V.DLL [2002.09.23 
12:11:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2001.07.31 03:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998.10.11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 176 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >

Extras:
OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 16.10.2010 20:16:06 - Run 4 OTL by OldTimer - Version 3.2.15.0 Folder = C:\Dokumente und Einstellungen\David Tschudin\Desktop\Trojaner Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1'023.00 Mb Total Physical Memory | 371.00 Mb Available Physical Memory | 36.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39.07 Gb Total Space | 4.39 Gb Free Space | 11.23% Space Free | Partition Type: NTFS Drive D: | 193.75 Gb Total Space | 44.11 Gb Free Space | 22.77% Space Free | Partition Type: FAT32 Computer Name: DAVID | User Name: David Tschudin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 
138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "25141:TCP" = 25141:TCP:*:Enabled:BitComet 25141 TCP "25141:UDP" = 25141:UDP:*:Enabled:BitComet 25141 UDP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\Programme\ftp-uploader\FTPUploader.exe" = C:\Programme\ftp-uploader\FTPUploader.exe:*:Enabled:ftpuploader.de -- (sysb) "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found "C:\Programme\uTorrent\utorrent.exe" = C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent -- File not found "C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG) "C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG) "C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- () "C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe" = C:\Dokumente und Einstellungen\David Tschudin\Lokale Einstellungen\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found "C:\Programme\Real\RealPlayer\realplay.exe" = 
C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- File not found "C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0 -- (Sony Creative Software Inc.) "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) "C:\Programme\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Programme\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- File not found "C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG) "C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- () "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04584A06-E3DA-4A8F-A1A9-E91EFF5B6829}" = GB-PVR "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07B562FD-E90D-4DC8-89E8-75C706D06E2B}" = Sony Media Manager 2.3 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 
1.3.1249.0 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2) "{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = Microtek FineReader OCR Engine "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{408FA92C-0766-48A1-8055-D6DFD27B7C2B}" = C-CHANNEL OnlineUpdate "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0 "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0 "{5C9A3618-A891-4B01-BED1-D44C0D9395D7}" = Documents Manager 3 "{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}" = Disc2Phone "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{77C499C8-AB66-11D5-BFC3-0050DADD1B5E}" = C-CHANNEL e-banking (PAYMAKER / NetBanking) "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7D59AB1B-B564-44AC-B57F-701A090A7380}" = ASUS nVidia Driver "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{935FF092-EEBA-4E97-8C1B-CD2364F392A4}" = Dimension 4 v5.0 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie "{A250A639-C739-4B6E-99CD-C11F589A8369}" = Documents Manager "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6871F03-E140-4559-8940-AD1CC3D58CEE}" = Sony Ericsson PC Suite "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE085E37-93BB-4CB5-BA98-9777A393EDCE}" = Tunebite "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder 
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DC888258-F37C-11D2-9594-00A0C9CD527E}" = Fotoalbum-Add-In "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Premium "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "4528-3220-6381-2600" = BalTax 2009 5.0.1 "7-Zip" = 7-Zip 4.57 "Active Disk" = Active Disk "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Astalavista_is1" = Astalavista "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BalTax 2008 4.0.2" = BalTax 2008 4.0.2 "Banana50_is1" = Banana Buchhaltung 5.0 "Banana60_is1" = Banana Buchhaltung 6.0 "Brother HL-5140" = Brother HL-5140 "Browser Defender_is1" = Browser Defender 2.0.6.15 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "E-Finance Java Edition" = E-Finance Java Edition "eSalaryReport" = eSalaryReport "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FreePDF_XP" = FreePDF XP (Remove only) "ftp-uploader" = ftp-uploader "GMX MultiMessenger" = GMX MultiMessenger "Google Updater" = Google Updater "GPL Ghostscript 8.15" = GPL Ghostscript 8.15 "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR "Hauppauge WinTV2000" = Hauppauge WinTV2000 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "IomegaWare" = IomegaWare 4.0.2 "IrfanView" = IrfanView (remove only) "JAP" = JAP "KLiteCodecPack_is1" = K-Lite Codec Pack 4.9.5 (Full) "LimeWire" = LimeWire 5.5.16 "Lunarmedia Clock B." = Lunarmedia Clock B. 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaCoder" = MediaCoder 0.6.1 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "PCFriendly" = PCFriendly "RAR Password Cracker" = RAR Password Cracker 4.12 "ratDVD" = ratDVD 0.78.1444 "RealPlayer 12.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Screensaver SBB" = Screensaver SBB "Snapform Viewer 1.6.02" = Snapform Viewer 1.6.02 "SofTax GR 2006NP 2007JP" = SofTax GR 2006NP 2007JP "SofTax GR 2007NP 2008JP" = SofTax GR 2007NP 2008JP "SofTax GR 2009 JP" = SofTax GR 2009 JP "Spyware Doctor" = Spyware Doctor 7.0 "Sweepi_is1" = Sweepi 5.4.00 "Sybase SQL Anywhere 5.0" = Sybase SQL Anywhere 5.0 "SystemRequirementsLab" = System Requirements Lab "Update Service" = Update Service "VLC media player" = VLC media player 1.1.4 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "Wdf01005" = Microsoft 
Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XMedia Recode" = XMedia Recode 2.1.2.9 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.10.2010 22:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20 Description = Error - 11.10.2010 23:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20 Description = Error - 12.10.2010 00:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20 Description = Error - 12.10.2010 01:03:05 | Computer Name = DAVID | Source = Google Update | ID = 20 Description = Error - 12.10.2010 15:27:07 | Computer Name = DAVID | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3909, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. Error - 15.10.2010 22:44:53 | Computer Name = DAVID | Source = VSS | ID = 5013 Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert in 0x800423f3) fehlgeschlagen. 
Error - 15.10.2010 23:03:51 | Computer Name = DAVID | Source = Google Update | ID = 20 Description = Error - 16.10.2010 00:03:30 | Computer Name = DAVID | Source = Google Update | ID = 20 Description = Error - 16.10.2010 01:03:55 | Computer Name = DAVID | Source = Google Update | ID = 20 Description = Error - 16.10.2010 01:33:40 | Computer Name = DAVID | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avscan.exe, Version 10.0.3.0, fehlgeschlagenes Modul msvcr90.dll, Version 9.0.30729.4148, Fehleradresse 0x0003fb29. [ System Events ] Error - 14.10.2010 16:46:51 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 14.10.2010 16:46:51 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000 Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 15.10.2010 12:15:56 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 15.10.2010 12:15:56 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000 Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 15.10.2010 12:18:07 | Computer Name = DAVID | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc. 
Error - 15.10.2010 17:10:38 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 15.10.2010 17:10:38 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000 Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 15.10.2010 17:12:42 | Computer Name = DAVID | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc. Error - 16.10.2010 10:49:22 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AntiVirUpgradeService" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 16.10.2010 10:49:22 | Computer Name = DAVID | Source = Service Control Manager | ID = 7000 Description = Der Dienst "GB-PVR Recording Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 < End of report > Thank you very much for your help. |
16.10.2010, 20:12 | #2 |
| Infected with TR/Crypt.XPACK.Gen3, how do I get rid of it? Hi,
let's hope that only the computer is infected and not you ;o)...
Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Switch off your antivirus solution completely, and in such a way that it does NOT switch itself back on even after a reboot! Warning: in a few rare cases the computer may no longer be able to boot and has to be set up from scratch! Close all windows, start combofix.exe, confirm the prompt that follows with 1 and press Enter. The scan with Combofix can take some time, so be patient. Please do not do anything on the computer during the scan. The computer may be restarted in between. When the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread.
http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished you will find the log under %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post it. The log file is very large, roughly over 5 MB of text. Simply search for "infiziert" ("infected") and copy out the relevant parts before you post them.
chris
__________________ |
17.10.2010, 00:15 | #3 |
| Infected with TR/Crypt.XPACK.Gen3, how do I get rid of it? Searching the log for "infiziert" found nothing.
So here is the entire ComboFix log: Combofix Logfile: Code:
ATTFilter ComboFix 10-10-16.03 - David Tschudin 17.10.2010 0:55.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.41.1031.18.1023.384 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\David Tschudin\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Neuer Wiederherstellungspunkt wurde erstellt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpe68.dll c:\dokumente und einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\lame_enc.dll c:\dokumente und einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\no23xwrapper.dll c:\dokumente und einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\ogg.dll c:\dokumente und einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbis.dll c:\dokumente und einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisenc.dll c:\dokumente und einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\vorbisfile.dll c:\windows\system\oeminfo.ini c:\windows\system32\temp#01.exe . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_USNJSVC -------\Service_usnjsvc ((((((((((((((((((((((( Dateien erstellt von 2010-09-16 bis 2010-10-16 )))))))))))))))))))))))))))))) . 2010-10-13 16:58 . 2010-09-18 06:52 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-13 16:58 . 2010-09-18 06:52 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll 2010-10-13 16:58 . 2010-08-23 16:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2010-10-12 16:46 . 2010-10-12 16:47 -------- d-----w- c:\programme\Documents Manager 3 2010-10-10 11:38 . 2010-10-10 11:38 -------- d-----w- c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\Malwarebytes 2010-10-10 11:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-10 11:37 . 2010-10-10 11:37 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-10-10 11:37 . 
2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-10 11:37 . 2010-10-10 11:38 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-10-09 01:17 . 2010-10-09 01:17 -------- d-----w- c:\programme\PixiePack Codec Pack 2010-10-09 01:12 . 2010-10-09 01:12 -------- d-----w- c:\programme\RapidSolution 2010-10-09 01:10 . 2010-10-09 01:10 -------- d-----w- c:\dokumente und einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\RapidSolution 2010-10-08 23:50 . 2010-10-09 00:09 -------- d-----w- c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\TuneUpMedia 2010-10-08 23:48 . 2010-10-09 00:10 -------- d-----w- c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\Broad Intelligence 2010-10-08 23:48 . 2010-10-08 23:52 -------- d-----w- c:\dokumente und einstellungen\David Tschudin\Lokale Einstellungen\Anwendungsdaten\OpenCandy 2010-10-08 23:48 . 2010-10-08 23:48 -------- d-----w- c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\OpenCandy 2010-10-08 23:18 . 2010-10-08 23:18 -------- d-----w- C:\Mozilla 2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\programme\Mozilla Firefox\plugins\nppdf32.dll 2010-09-22 16:10 . 2010-09-22 16:10 103864 ----a-w- c:\programme\Internet Explorer\PLUGINS\nppdf32.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-03 68856] "Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952] "RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872] "RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768] "FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2005-05-27 310272] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304] "Windows Defender"="c:\programme\Windows Defender\MSASCui.exe" [2006-11-03 866584] "ADUserMon"="c:\programme\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456] "Iomega Drive Icons"="c:\programme\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016] 
"Deskup"="c:\programme\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768] "NBKeyScan"="c:\programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-04-08 1647912] "NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] "AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904] "ISTray"="c:\programme\Spyware Doctor\pctsTray.exe" [2010-05-27 1287120] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "Dimension4"="c:\programme\D4\D4.exe" [2004-02-04 200704] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-05-14 248552] "nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432] "TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-09-14 202256] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ AutoStart IR.lnk - c:\programme\WinTV\Ir.exe [2009-4-11 106551] Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2008-7-20 805392] Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] Scanner Finder.lnk - c:\programme\ScanWizard 5\ScannerFinder.exe [2008-12-29 344064] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 00:42 
72208 ----a-w- c:\programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-24 00:10 421160 ----a-w- c:\programme\iTunes\iTunesHelper.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\LimeWire\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\ftp-uploader\\FTPUploader.exe"= "c:\\Programme\\Gemeinsame Dateien\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Programme\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= "c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programme\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"= "c:\\Dokumente und Einstellungen\\David Tschudin\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "25141:TCP"= 25141:TCP:BitComet 25141 TCP "25141:UDP"= 25141:UDP:BitComet 25141 UDP R0 
PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [08.05.2009 23:39 218592] R0 ppa;Iomega Parallelanschluss-Filtertreiber;c:\windows\system32\drivers\ppa.sys [09.03.2008 00:34 17792] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.03.2009 22:35 135336] R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [02.01.2010 01:31 112592] R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [20.03.2010 02:02 90112] R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [06.05.2010 19:31 366840] R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [05.12.2005 16:26 11841] R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [05.12.2005 16:16 141889] R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [05.12.2005 16:27 493632] R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [05.12.2005 16:22 23104] S2 AntiVirUpgradeService;AntiVirUpgradeService; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384] S2 gupdate1c986334d3101e2;Google Update Service (gupdate1c986334d3101e2);c:\programme\Google\Update\GoogleUpdate.exe [03.02.2009 21:12 133104] S2 WinDefend;Windows Defender;c:\programme\Windows Defender\MsMpEng.exe [03.11.2006 18:19 13592] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [16.05.2008 01:21 13224] S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [27.05.2009 03:27 29262680] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [20.03.2010 02:02 86824] S3 s0017mdfl;Sony Ericsson Device 
0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [20.03.2010 02:02 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [20.03.2010 02:02 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [20.03.2010 02:02 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [20.03.2010 02:02 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [20.03.2010 02:02 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [20.03.2010 02:02 109736] S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [20.03.2010 02:02 90280] S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [20.03.2010 02:02 15016] S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [20.03.2010 02:02 122280] S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [20.03.2010 02:03 115880] S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [20.03.2010 02:02 26024] S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [20.03.2010 02:02 111912] S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [20.03.2010 02:03 116904] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [09.11.2009 19:12 25088] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504] --- Andere 
Dienste/Treiber im Speicher --- *Deregistered* - PCTSDInjDriver32 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners 2010-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50] 2010-10-16 c:\windows\Tasks\Google Software Updater.job - c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 23:01] 2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-02-03 19:11] 2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-02-03 19:11] 2010-10-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] 2010-10-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4201788531-2587723271-4116086320-1005.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] 2010-10-16 c:\windows\Tasks\User_Feed_Synchronization-{1A5979DB-0F1E-477A-8FFA-C1E38DF649BB}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.ch/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... 
- c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html Trusted Zone: microsoft.com\download.windowsupdate Trusted Zone: microsoft.com\update TCP: {54D77809-E181-435F-9A3B-025FCA018014} = 213.189.128.1,213.189.129.10 FF - ProfilePath - c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Wikipedia (de) FF - prefs.js: browser.startup.homepage - hxxp://www.uira.ch/ FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll FF - component: c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\Mozilla\Firefox\Profiles\5gincrj9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\programme\Sony\Media Go\npmediago.dll FF - plugin: c:\programme\Virtual Earth 3D\npVE3D.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-Power2GoExpress - (no file) HKCU-Run-smartproc - c:\windows\system32\ktyhybch.exe SSODL-UtilAdm-{2BC3C43D-A90E-88B3-EAA7-08BF1B01B0A7} - c:\programme\tuyidgc\UtilAdm.dll MSConfigStartUp-InCD - c:\programme\Ahead\InCD\InCD.exe MSConfigStartUp-MsnMsgr - c:\programme\MSN Messenger\msnmsgr.exe AddRemove-KLiteCodecPack_is1 - c:\programme\K-Lite Codec Pack\unins000.exe AddRemove-MediaCoder - c:\programme\MediaCoder\uninst.exe AddRemove-NVIDIA Display Control Panel - c:\programme\NVIDIA Corporation\Uninstall\nvuninst.exe [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2] "ImagePath"="\"\"" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(708) c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(508) c:\programme\Logitech\SetPoint\GameHook.dll c:\programme\Logitech\SetPoint\lgscroll.dll c:\dokumente und einstellungen\David Tschudin\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll c:\programme\Iomega\DriveIcons\IMGHOOK.DLL c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\windows\system32\brss01a.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\progra~1\Iomega\System32\AppServices.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\programme\CDBurnerXP\NMSAccessU.exe c:\windows\system32\IoctlSvc.exe c:\programme\Spyware Doctor\pctsSvc.exe c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\programme\Iomega\AutoDisk\ADService.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE c:\windows\system32\wbem\wmiapsrv.exe c:\programme\iPod\bin\iPodService.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-10-17 01:10:40 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-10-16 23:10 Vor Suchlauf: 4'553'510'912 Bytes frei Nach Suchlauf: 8'163'921'920 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - 49DFA87B11AC7481F1DCF163A3F4F173
Kind regards, jogproof
--- --- --- Last edited by jogproof (17.10.2010 at 00:20) |
17.10.2010, 20:00 | #4 |
| Infected with TR/Crypt.XPACK.Gen3, how do I get rid of it? Hi, how is the scan with Cureit/Dr. Web going? CF shows several removed items that were certainly malware, e.g.: C:\WINDOWS\System32\ktyhybch.exe C:\Programme\tuyidgc\UtilAdm.dll chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
18.10.2010, 05:31 | #5 | |
| Infected with TR/Crypt.XPACK.Gen3, how do I get rid of it? Oops, I had forgotten the scan with CureIt/Dr. Web. Here is the result: Quote:
Avira AntiVir no longer reports anything. Is there anything else to do? Otherwise, many thanks already for the help. |
18.10.2010, 06:40 | #6 |
| Infected with TR/Crypt.XPACK.Gen3, how do I get rid of it? Hi, that looks quite good; if the machine no longer acts up, that should be it... chris |