| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner w32 patchload.a und TR/Kazy.24148Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.09.2011, 20:13
| #1 |
 |  Trojaner w32 patchload.a und TR/Kazy.24148 Hallo zusammen! Habe seid heute ein großes Problem! Habe mir wohl einen Trojaner eingefangen. AntiVir hat sofort angeschlagen, wurde dann aber leider von alleine beendet.... und jetzt fährt der Rechner nicht mehr hoch. Kurz bevor er zur Anmeldung kommt startet er neu! Habe Windows XP drauf. Bitte um Hilfe! Danke schonmal im Vorraus!! |
|
01.09.2011, 22:40
| #2 |
| /// Malwareteam   | Trojaner w32 patchload.a und TR/Kazy.24148 Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
Hinweis: Wie boote ich von CD
|
|
01.09.2011, 22:52
| #3 |
| | Trojaner w32 patchload.a und TR/Kazy.24148 Hallo Swiss!
__________________Darf ich die Datei OTLPENet.exe von einem anderen Rechner runterladen und von dort aus auch brennen? Denn habe zur zeit die Internetverbindung am verseuchten PC gekappt und vom Netzwerk genommen. Habe festgestellt kann diesen im abgesicherten modus ohne probleme hochfahren, falls das was hilft. Gruss Oemmel! |
|
01.09.2011, 22:57
| #4 |
| /// Malwareteam | Trojaner w32 patchload.a und TR/Kazy.24148 Du musst es von einem anderen PC aus machen  |
|
01.09.2011, 23:51
| #5 |
| | Trojaner w32 patchload.a und TR/Kazy.24148 Hier der Inhalt Otl.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 9/2/2011 1:43:39 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,022.00 Mb Total Physical Memory | 758.00 Mb Available Physical Memory | 74.00% Memory free
906.00 Mb Paging File | 812.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 97.65 Gb Total Space | 51.02 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
Drive D: | 291.13 Gb Total Space | 194.96 Gb Free Space | 66.97% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 17.12 Gb Free Space | 35.07% Space Free | Partition Type: NTFS
Drive J: | 19.53 Gb Total Space | 0.49 Gb Free Space | 2.51% Space Free | Partition Type: NTFS
Drive K: | 23.90 Gb Total Space | 0.20 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
Drive L: | 6.95 Gb Total Space | 1.05 Gb Free Space | 15.16% Space Free | Partition Type: FAT32
Drive M: | 1003.47 Mb Total Space | 1003.36 Mb Free Space | 99.99% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (PnkBstrA)
SRV - File not found [Auto] -- -- (MySQL)
SRV - File not found [Auto] -- -- (LightScribeService)
SRV - File not found [Auto] -- -- (JavaQuickStarterService)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [Auto] -- -- (ICQ Service)
SRV - File not found [Auto] -- -- (HauppaugeTVServer)
SRV - File not found [Auto] -- -- (FsUsbExService)
SRV - File not found [Auto] -- -- (DeviceManager)
SRV - File not found [Auto] -- -- (Bonjour Service)
SRV - File not found [Auto] -- -- (Ati HotKey Poller)
SRV - File not found [Auto] -- -- (Apple Mobile Device)
SRV - File not found [Auto] -- -- (AntiVirScheduler)
SRV - [2011/09/01 14:45:59 | 000,153,088 | ---- | M] () [Auto] -- D:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- D:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/07 03:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- D:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/04/19 09:35:19 | 000,069,120 | ---- | M] (Google) [On_Demand] -- D:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto] -- D:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (InCDRm)
DRV - File not found [Kernel | System] -- -- (InCDPass)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/09/01 15:23:21 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- D:\WINDOWS\1381543154 -- (f2ac5852)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/12 07:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/03/12 05:47:58 | 000,321,280 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2010/03/12 05:47:57 | 000,012,288 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2010/03/12 05:47:56 | 000,216,576 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\hcw88bda.sys -- (hcw88bda)
DRV - [2010/03/12 05:47:56 | 000,013,440 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | System] -- D:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2009/11/14 12:50:56 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- D:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/11/14 12:50:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/10/22 09:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/09/21 03:33:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- D:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/05/25 06:18:02 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2009/03/20 04:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 04:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 04:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] () [Kernel | System] -- D:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/13 15:24:13 | 002,155,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/02/22 04:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 04:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 04:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 04:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/07/24 19:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/29 11:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 17:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/09 08:27:01 | 000,043,008 | ---- | M] () [Kernel | On_Demand] -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Temp\gUSBSTOi.sys -- (gUSBSTOi)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2003/11/05 01:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)
DRV - [2002/04/09 11:00:10 | 000,004,480 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Andere_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\Andere_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\Andere_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\Andere_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKU\Andere_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Prev Search Page = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = ICQ.com Suche
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - D:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - D:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook: {fb7d98cb-b228-4ecb-acac-e7101156338e} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: D:\Programme\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: D:\Programme\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: D:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: D:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/27 21:34:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011/01/06 08:13:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011/01/06 08:13:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2011/09/01 14:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/08/20 11:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/06/03 09:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010/11/19 12:14:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011/01/06 08:13:16 | 000,000,000 | ---D | M]
[2011/08/22 06:52:58 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2007/04/19 09:43:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/03 09:51:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- D:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/07/08 05:56:52 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/14 15:03:00 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/22 06:52:59 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2007/08/27 14:45:18 | 000,000,000 | ---D | M] (Google Settings) -- D:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2011/08/20 11:05:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Programme\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/20 11:05:20 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/20 11:05:20 | 000,002,252 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/08/20 11:05:20 | 000,001,153 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/20 11:05:20 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/20 11:05:20 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/20 11:05:20 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,820 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - D:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - D:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - D:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TECHNO4EVER Toolbar) - {fb7d98cb-b228-4ecb-acac-e7101156338e} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - D:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - D:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O3 - HKLM\..\Toolbar: (TECHNO4EVER Toolbar) - {fb7d98cb-b228-4ecb-acac-e7101156338e} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\ShellBrowser: (TECHNO4EVER Toolbar) - {FB7D98CB-B228-4ECB-ACAC-E7101156338E} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - D:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - D:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\WebBrowser: (TECHNO4EVER Toolbar) - {FB7D98CB-B228-4ECB-ACAC-E7101156338E} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] D:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] D:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPBootOp] D:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\Administrator_ON_D..\RunOnce: [NeroHomeFirstStart] File not found
O4 - HKU\Andere_ON_D..\RunOnce: [NeroHomeFirstStart] File not found
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = D:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinTV Recording Status..lnk = D:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Andere_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - D:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - D:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - D:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/12 08:01:16 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - L:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - L:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/01 15:31:05 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Desktop\Neuer Ordner (3)
[2011/09/01 14:55:25 | 000,309,848 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/01 14:55:25 | 000,019,544 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/01 14:55:25 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2011/09/01 14:55:24 | 000,043,608 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/01 14:55:24 | 000,025,432 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/01 14:55:23 | 000,441,176 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/01 14:55:23 | 000,102,616 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/01 14:55:23 | 000,096,344 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/01 14:55:22 | 000,030,808 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/01 14:55:04 | 000,040,112 | ---- | C] (AVAST Software) -- D:\WINDOWS\avastSS.scr
[2011/09/01 14:55:03 | 000,199,304 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
[2011/09/01 14:54:51 | 000,000,000 | ---D | C] -- D:\Programme\AVAST Software
[2011/09/01 14:54:51 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011/08/27 15:58:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/25 09:38:37 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\RE's Lager-Verwaltung
[2011/08/25 09:38:37 | 000,000,000 | ---D | C] -- D:\Programme\Lagerverwaltung
[2011/08/25 09:24:34 | 000,000,000 | ---D | C] -- D:\Programme\Lagerverwaltung 2
[2011/08/23 14:32:41 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\Warenwirtschaftssystem
[2011/08/23 14:32:39 | 000,000,000 | ---D | C] -- D:\Programme\Common~1
[2011/08/23 14:32:04 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\T1FONTS
[2011/08/23 14:29:27 | 000,000,000 | ---D | C] -- D:\Baumann
[2011/08/23 13:53:07 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DATA BECKER
[2011/08/23 13:50:12 | 000,131,584 | ---- | C] (DATA BECKER) -- D:\WINDOWS\DBReg.exe
[2011/08/23 13:50:11 | 000,627,200 | ---- | C] (DATA BECKER) -- D:\WINDOWS\DBREG.dll
[2011/08/23 13:50:10 | 000,628,736 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltocx12n.ocx
[2011/08/23 13:50:10 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltkrn12n.dll
[2011/08/23 13:50:10 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltimg12n.dll
[2011/08/23 13:50:10 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltfil12n.DLL
[2011/08/23 13:50:10 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\lttwn12n.dll
[2011/08/23 13:50:09 | 000,328,704 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\LFCMP12n.DLL
[2011/08/23 13:50:09 | 000,290,816 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\Tx4ole.ocx
[2011/08/23 13:50:09 | 000,259,072 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\LTDIS12n.dll
[2011/08/23 13:50:09 | 000,207,872 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltefx12n.dll
[2011/08/23 13:50:09 | 000,081,920 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\txtls32.dll
[2011/08/23 13:50:09 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\wndtls32.dll
[2011/08/23 13:50:09 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\lfgif12n.dll
[2011/08/23 13:50:09 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\lfbmp12n.dll
[2011/08/23 13:50:08 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\txobj32.dll
[2011/08/23 13:50:08 | 000,323,584 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_word.dll
[2011/08/23 13:50:08 | 000,244,416 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSFLXGRD.OCX
[2011/08/23 13:50:08 | 000,135,168 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_htm32.dll
[2011/08/23 13:50:08 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_rtf32.dll
[2011/08/23 13:50:08 | 000,115,920 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSINET.OCX
[2011/08/23 13:50:08 | 000,069,632 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\ic32.dll
[2011/08/23 13:50:08 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_tif32.flt
[2011/08/23 13:50:08 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_wmf32.flt
[2011/08/23 13:50:08 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_bmp32.flt
[2011/08/23 13:50:07 | 001,050,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msjet35.dll
[2011/08/23 13:50:07 | 000,252,176 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSRD2X35.DLL
[2011/08/23 13:50:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\CMDLGDE.DLL
[2011/08/23 13:50:06 | 000,415,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msrepl35.dll
[2011/08/23 13:50:06 | 000,173,304 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\MimeX.dll
[2011/08/23 13:50:06 | 000,158,208 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSCMCDE.DLL
[2011/08/23 13:50:06 | 000,144,640 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\PopX.OCX
[2011/08/23 13:50:06 | 000,132,344 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\PopX.dll
[2011/08/23 13:50:06 | 000,125,712 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\VB6DE.DLL
[2011/08/23 13:50:06 | 000,089,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\VB5DB.DLL
[2011/08/23 13:50:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSCC2DE.DLL
[2011/08/23 13:50:06 | 000,024,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSJTER35.DLL
[2011/08/23 13:50:05 | 000,279,800 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\FtpX.DLL
[2011/08/23 13:50:05 | 000,152,824 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\EncodeX.dll
[2011/08/23 13:50:05 | 000,148,736 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\FtpX.OCX
[2011/08/23 13:50:05 | 000,132,360 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\EncodeX.OCX
[2011/08/23 13:50:05 | 000,099,576 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\MabryObj.dll
[2011/08/23 13:50:03 | 000,000,000 | ---D | C] -- D:\Programme\DATA BECKER
[2011/08/22 10:46:51 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\MySQL
[2011/08/22 10:45:52 | 000,000,000 | ---D | C] -- D:\Programme\MySQL
[2011/08/22 10:45:52 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2011/08/22 09:13:10 | 000,000,000 | ---D | C] -- D:\Programme\CAO-Faktura
[2011/08/22 07:18:45 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Online Shop 6
[2011/08/22 07:14:50 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Online Shop 6
[2011/08/22 07:07:36 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\Winload
[2011/08/22 07:07:35 | 000,000,000 | ---D | C] -- D:\Programme\Winload
[2011/08/22 07:06:49 | 000,000,000 | ---D | C] -- D:\Programme\Mein Gutscheincode Finder
[2011/08/22 06:52:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2011/08/22 06:52:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2011/08/22 06:52:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[2011/08/14 09:17:17 | 000,139,656 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/14 09:03:14 | 000,010,496 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ndistapi.sys
[2006/02/19 05:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- D:\WINDOWS\Fonts\RandFont.dll
[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[11 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/01 18:27:39 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/09/01 15:36:03 | 000,088,064 | ---- | M] () -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/01 15:23:21 | 000,000,000 | ---- | M] () -- D:\WINDOWS\1381543154
[2011/09/01 14:58:00 | 000,001,090 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/01 14:55:26 | 000,001,664 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/01 14:55:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2011/09/01 14:55:23 | 000,003,001 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2011/09/01 14:50:45 | 000,000,186 | ---- | M] () -- D:\WINDOWS\System\hpsysdrv.DAT
[2011/09/01 14:49:22 | 000,001,158 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/09/01 14:49:11 | 000,000,860 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2011/09/01 14:49:04 | 000,001,086 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/01 14:26:49 | 000,000,291 | RHS- | M] () -- D:\boot.ini
[2011/09/01 14:23:26 | 004,194,304 | ---- | M] () -- D:\WINDOWS\System32\kncnfspb.dll
[2011/08/30 14:03:15 | 000,002,519 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Excel.lnk
[2011/08/27 15:58:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/27 12:05:06 | 000,000,276 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/25 09:32:22 | 000,001,275 | ---- | M] () -- D:\WINDOWS\Lager.INI
[2011/08/25 09:24:34 | 000,080,896 | ---- | M] () -- D:\WINDOWS\cadkasdeinst01.exe
[2011/08/25 08:50:05 | 000,235,960 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/23 14:32:46 | 000,000,008 | ---- | M] () -- D:\WINDOWS\System32\PROTOCOL.INI
[2011/08/23 13:53:07 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DATA BECKER
[2011/08/22 06:25:57 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2011/08/14 17:05:12 | 000,461,030 | ---- | M] () -- D:\WINDOWS\System32\perfh007.dat
[2011/08/14 17:05:12 | 000,443,024 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/08/14 17:05:12 | 000,085,772 | ---- | M] () -- D:\WINDOWS\System32\perfc007.dat
[2011/08/14 17:05:12 | 000,072,290 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/08/14 17:02:22 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[11 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/01 14:55:26 | 000,001,664 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/01 14:23:26 | 004,194,304 | ---- | C] () -- D:\WINDOWS\System32\kncnfspb.dll
[2011/09/01 14:23:26 | 000,000,000 | ---- | C] () -- D:\WINDOWS\1381543154
[2011/08/25 09:32:22 | 000,001,275 | ---- | C] () -- D:\WINDOWS\Lager.INI
[2011/08/25 09:24:34 | 000,080,896 | ---- | C] () -- D:\WINDOWS\cadkasdeinst01.exe
[2011/08/23 14:32:46 | 000,000,008 | ---- | C] () -- D:\WINDOWS\System32\PROTOCOL.INI
[2011/08/23 13:50:13 | 000,016,070 | ---- | C] () -- D:\WINDOWS\German2.ini
[2011/08/23 13:50:08 | 000,446,464 | ---- | C] () -- D:\WINDOWS\System32\Tx32.dll
[2011/08/23 13:50:08 | 000,000,151 | ---- | C] () -- D:\WINDOWS\System32\ic32.ini
[2011/01/05 14:17:49 | 000,034,706 | ---- | C] () -- D:\WINDOWS\Irremote.ini
[2011/01/05 14:17:04 | 000,142,337 | ---- | C] () -- D:\WINDOWS\System32\Wait.exe
[2011/01/05 14:07:51 | 000,002,312 | ---- | C] () -- D:\WINDOWS\HCWPNP.INI
[2011/01/05 14:01:49 | 000,040,960 | R--- | C] () -- D:\WINDOWS\System32\hcwxds.dll
[2010/07/29 13:20:32 | 000,110,592 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/07/29 13:20:32 | 000,036,608 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/07/29 13:20:23 | 000,002,528 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\$_hpcst$.hpc
[2010/01/06 17:32:32 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
[2009/08/21 10:58:40 | 000,122,880 | ---- | C] () -- D:\WINDOWS\System32\AitVirtualComInstall.exe
[2009/07/20 14:10:48 | 000,307,200 | ---- | C] () -- D:\WINDOWS\System32\InstallVCOM.exe
[2009/05/02 17:09:50 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009/01/25 17:10:48 | 000,179,200 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 19:01:22 | 000,629,760 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2008/05/04 11:39:34 | 000,002,560 | ---- | C] () -- D:\WINDOWS\System32\ViaClassCoInstaller.dll
[2008/01/16 15:06:42 | 000,000,032 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008/01/14 20:31:00 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx14_ic.ini
[2007/12/12 15:56:55 | 000,000,085 | -HS- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2007/11/15 14:34:05 | 000,022,328 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/15 14:33:35 | 000,022,328 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\PnkBstrK.sys
[2007/11/15 14:32:49 | 000,103,736 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrB.exe
[2007/11/15 14:32:30 | 000,000,311 | ---- | C] () -- D:\WINDOWS\game.ini
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/05 07:45:52 | 000,000,604 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\AutoGK.ini
[2007/10/04 13:16:17 | 000,043,698 | ---- | C] () -- D:\WINDOWS\System32\xvid-uninstall.exe
[2007/07/12 15:52:37 | 000,000,507 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2007/07/02 18:21:53 | 000,520,192 | ---- | C] () -- D:\WINDOWS\System32\ati2sgag.exe
[2007/06/13 14:57:04 | 003,107,788 | ---- | C] () -- D:\WINDOWS\System32\ativvaxx.dat
[2007/06/13 14:57:04 | 003,107,788 | ---- | C] () -- D:\WINDOWS\System32\ativva5x.dat
[2007/06/13 14:57:04 | 000,972,072 | ---- | C] () -- D:\WINDOWS\System32\ativva6x.dat
[2007/06/13 12:26:05 | 000,059,653 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\NMM-MetaData.db
[2007/05/23 12:08:42 | 000,000,146 | ---- | C] () -- D:\Dokumente und Einstellungen\Andere\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/05/23 11:52:34 | 000,000,153 | ---- | C] () -- D:\WINDOWS\imageconvert.ini
[2007/04/29 13:43:04 | 000,149,504 | ---- | C] () -- D:\WINDOWS\System32\UNWISE32.EXE
[2007/04/29 13:04:33 | 000,001,861 | ---- | C] () -- D:\WINDOWS\Transbox.ini
[2007/04/28 12:48:35 | 000,000,075 | ---- | C] () -- D:\WINDOWS\System32\icoappini.ini
[2007/04/22 17:25:56 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\CNMVS53.DLL
[2007/04/19 14:36:52 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2007/04/19 09:52:10 | 000,088,064 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 09:43:22 | 000,003,396 | ---- | C] () -- D:\WINDOWS\mozver.dat
[2007/04/06 14:32:47 | 000,000,305 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007/01/03 15:46:14 | 000,000,149 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\px.ini
[2006/01/02 20:23:22 | 000,000,061 | ---- | C] () -- D:\WINDOWS\smscfg.ini
[2006/01/02 19:58:03 | 000,028,848 | ---- | C] () -- D:\WINDOWS\System32\drivers\USBkey.sys
[2006/01/02 19:50:59 | 000,014,378 | ---- | C] () -- D:\WINDOWS\System32\CHODDI.SYS
[2006/01/02 19:50:50 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\hpreg.dll
[2006/01/02 19:42:37 | 000,000,157 | ---- | C] () -- D:\WINDOWS\WININIT.INI
[2006/01/02 19:37:18 | 000,105,702 | ---- | C] () -- D:\WINDOWS\hpqins69.dat
[2006/01/02 19:36:19 | 000,003,776 | ---- | C] () -- D:\WINDOWS\System32\fxsperf.ini
[2006/01/02 19:31:49 | 000,144,357 | ---- | C] () -- D:\WINDOWS\System32\atiicdxx.dat
[2006/01/02 19:30:36 | 000,000,849 | ---- | C] () -- D:\WINDOWS\orun32.ini
[2006/01/02 19:10:44 | 000,000,146 | ---- | C] () -- D:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/01/02 19:08:34 | 000,016,896 | ---- | C] () -- D:\WINDOWS\System32\bcbmm.dll
[2005/12/07 06:31:00 | 000,202,752 | R--- | C] () -- D:\WINDOWS\System32\CddbCdda.dll
[2005/10/12 08:46:00 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2005/10/12 08:07:40 | 000,461,030 | ---- | C] () -- D:\WINDOWS\System32\perfh007.dat
[2005/10/12 08:07:40 | 000,443,024 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2005/10/12 08:07:40 | 000,085,772 | ---- | C] () -- D:\WINDOWS\System32\perfc007.dat
[2005/10/12 08:07:40 | 000,072,290 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2005/10/12 08:05:28 | 000,235,960 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/12 08:00:50 | 000,004,335 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2005/10/12 07:56:54 | 000,021,740 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2005/09/15 04:03:00 | 000,569,344 | ---- | C] () -- D:\WINDOWS\System32\tx11.dll
[2005/08/05 16:26:04 | 000,235,008 | ---- | C] () -- D:\WINDOWS\System32\PsisDecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- D:\WINDOWS\armcex.dll
[2005/02/05 04:33:06 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\TrcCli5.dll
[2005/02/05 04:33:04 | 000,311,808 | ---- | C] () -- D:\WINDOWS\System32\rfapi5.dll
[2005/02/05 04:33:02 | 000,221,253 | ---- | C] () -- D:\WINDOWS\System32\CfgCapi.dll
[2004/10/22 08:43:16 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx11_ic.ini
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/08/10 00:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/10 00:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/10 00:00:00 | 000,269,480 | ---- | C] () -- D:\WINDOWS\System32\perfi007.dat
[2004/08/10 00:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/10 00:00:00 | 000,062,976 | ---- | C] () -- D:\WINDOWS\System32\drivers\cdrom.sys
[2004/08/10 00:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/10 00:00:00 | 000,034,478 | ---- | C] () -- D:\WINDOWS\System32\perfd007.dat
[2004/08/10 00:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/10 00:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2004/08/10 00:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2004/07/26 16:08:20 | 000,001,194 | ---- | C] () -- D:\WINDOWS\System32\oeminfo.ini
[2003/12/01 04:34:54 | 000,144,384 | ---- | C] () -- D:\WINDOWS\System32\lttls14n.dll
[2003/12/01 04:34:32 | 000,721,408 | ---- | C] () -- D:\WINDOWS\System32\ltcry14n.dll
[2003/04/23 10:00:30 | 000,281,600 | ---- | C] () -- D:\WINDOWS\System32\Talbc.dll
[2003/04/12 13:28:16 | 000,092,160 | ---- | C] () -- D:\WINDOWS\System32\TALRSS14.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2001/08/23 11:12:28 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2001/08/23 11:11:02 | 000,004,490 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2000/06/27 18:00:00 | 000,124,416 | ---- | C] () -- D:\WINDOWS\System32\dXCtrls.dll
[1999/01/22 21:46:56 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/04 02:34:48 | 000,070,144 | ---- | C] () -- D:\WINDOWS\System32\Talbcdmx.dll
========== LOP Check ==========
[2011/09/01 14:48:39 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2011/09/01 14:54:51 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2007/06/13 12:18:20 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2007/12/12 15:57:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
[2010/01/06 10:05:18 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2007/06/13 12:16:20 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2011/08/22 10:45:52 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2007/06/13 12:23:32 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010/11/11 14:17:08 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 816 bytes -> D:\WINDOWS\1381543154:223586221.exe
@Alternate Data Stream - 48 bytes -> D:\WINDOWS:BC53D08132A418FB
< End of report >
|
|
01.09.2011, 23:55
| #6 |
| | Trojaner w32 patchload.a und TR/Kazy.24148 Hier den Inhalt Extras:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 9/2/2011 1:43:39 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,022.00 Mb Total Physical Memory | 758.00 Mb Available Physical Memory | 74.00% Memory free
906.00 Mb Paging File | 812.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 97.65 Gb Total Space | 51.02 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
Drive D: | 291.13 Gb Total Space | 194.96 Gb Free Space | 66.97% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 17.12 Gb Free Space | 35.07% Space Free | Partition Type: NTFS
Drive J: | 19.53 Gb Total Space | 0.49 Gb Free Space | 2.51% Space Free | Partition Type: NTFS
Drive K: | 23.90 Gb Total Space | 0.20 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
Drive L: | 6.95 Gb Total Space | 1.05 Gb Free Space | 15.16% Space Free | Partition Type: FAT32
Drive M: | 1003.47 Mb Total Space | 1003.36 Mb Free Space | 99.99% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- D:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL Germany
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
"C:\Programme\Xfire\xfire.exe" = C:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\Valve\Steam\steam.exe" = C:\Programme\Valve\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"H:\Valve2\hl.exe" = H:\Valve2\hl.exe:*:Enabled:Half-Life Launcher
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life deathmatch source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life deathmatch source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life 2 deathmatch\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour"
"C:\Programme\WinTV\WinTV7\WinTV7.exe" = C:\Programme\WinTV\WinTV7\WinTV7.exe:*:Enabled:WinTV7 -- (Hauppauge Computer Works, Inc.)
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\counter-strike source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Downloads\stinger10.2.0.267.exe" = C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Downloads\stinger10.2.0.267.exe:*:Enabled:stinger10.2.0.267 -- ()
"C:\Programme\AntiVir PersonalEdition Classic\update.exe" = C:\Programme\AntiVir PersonalEdition Classic\update.exe:*:Enabled:Antivirus Updater -- (Avira GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{02850087-A59F-4782-B8AF-40674752D5F1}" = ATI Catalyst Control Center
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{37DD5BB3-9DB4-4D92-9E50-16F2AD14A317}" = MySQL Server 5.5
"{3B5FEE89-AB5A-4EA9-A3AB-40216ADE225B}" = MovieJack DVD 2
"{41153CDC-08C5-41A3-8FE3-81F7896ED8E1}" = Warenwirtschaftssystem 8.0
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"1F811665-E818-4956-9173-35CD47C9DCE0" = Otto
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7A1E1C4F-CC6F-4BF0-BB81-7CFC3F655564" = GemMaster Mystic
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.55
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"AwayMode160" = Microsoft Away Mode
"BIMPLite" = BIMP Lite 1.62
"CANONBJ_Deinstall_CNMCP53.DLL" = Canon i350
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Counter-Strike Source" = Counter-Strike Source
"DivX Setup.divx.com" = DivX-Setup
"DVD-CLONER VII_is1" = DVD-CLONER V7.00 Build 990
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"HTPE3" = HyperTerminal Private Edition v6.3
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageConverter" = ImageConverter 1.0
"InfraRecorder" = InfraRecorder
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Lagerverwaltung" = RE's Lager-Verwaltung Version 1.3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShockwaveFlash" = Macromedia Flash Player 8
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Techno4ever Player" = Techno4ever Player
"Techno4ever Toolbar" = Techno4ever Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6
"VobSub" = VobSub v2.23 (Remove Only)
"web2date" = DATA BECKER shop to date 5
"WIC" = Windows Imaging Component
"Windows Lemmings" = Lemmings for Windows 95
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Toolbar" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\HP_Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
< End of report >
|
|
02.09.2011, 09:32
| #7 |
| /// Malwareteam | Trojaner w32 patchload.a und TR/Kazy.24148 Schritt 1 Mehrere Anti-Virus-Programme Code:
ATTFilter Avast
Avira
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast und deinstalliere die anderen. Schritt 2 Fixen mit OTLpe
Schritt 3 Kannst Du wieder starten? Wenn ja dann mache einen Scan mit Malwarebytes Anti-Malware. |
|
02.09.2011, 12:43
| #8 |
| | Trojaner w32 patchload.a und TR/Kazy.24148 So hier schonmal die Log: ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f2ac5852 deleted successfully. D:\WINDOWS\1381543154 moved successfully. D:\AUTOEXEC.BAT moved successfully. L:\AUTOEXEC.BAT moved successfully. L:\Autorun.inf moved successfully. File move failed. X:\AUTORUN.INF scheduled to be moved on reboot. File D:\WINDOWS\1381543154 not found. D:\WINDOWS\system32\kncnfspb.dll moved successfully. Unable to delete ADS D:\WINDOWS\1381543154:223586221.exe . ADS D:\WINDOWS:BC53D08132A418FB deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator User: All Users User: Andere User: Default User User: HP_Administrator User: LocalService User: NetworkService %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19617 bytes %systemroot%\System32 .tmp files removed: 5435271 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 137683340 bytes Total Files Cleaned = 137.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 09022011_143927 |
|
02.09.2011, 12:48
| #9 |
| | Trojaner w32 patchload.a und TR/Kazy.24148 Ja super das klappt schonmal wieder. Rechner fährt soweit normal hoch. Danke schonmal! Und habe mich dann für AntiVir entschieden. MfG Oemmel |
|
02.09.2011, 15:16
| #10 |
| /// Malwareteam | Trojaner w32 patchload.a und TR/Kazy.24148 Downloade Dir bitte Malwarebytes
|
|
02.09.2011, 16:15
| #11 |
| | Trojaner w32 patchload.a und TR/Kazy.24148 Ok Scan habe ich durchgeführt. Eine Datei wurde gefunden. Hier der Log: Malwarebytes' Anti-Malware 1.51.1.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 7637 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 02.09.2011 17:12:42 mbam-log-2011-09-02 (17-12-42).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 199205 Laufzeit: 7 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully. |
|
02.09.2011, 16:28
| #12 |
| /// Malwareteam | Trojaner w32 patchload.a und TR/Kazy.24148 Schritt 1 ESET Online Scanner
Schritt 2 Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
|
|
02.09.2011, 19:19
| #13 |
| | Trojaner w32 patchload.a und TR/Kazy.24148 Hier der Log.txt von ESET: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=90c74c424eb4884ca431cd387036b526 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-09-02 05:34:24 # local_time=2011-09-02 07:34:24 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=8192 67108863 100 0 743 743 0 0 # scanned=121603 # found=11 # cleaned=0 # scan_time=4465 C:\Programme\AntiVir PersonalEdition Classic\sched.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\Programme\Bonjour\mDNSResponder.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\Programme\ICQ6Toolbar\ICQ Service.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\Programme\Java\jre6\bin\jqs.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\Programme\MySQL\MySQL Server 5.5\bin\mysqld.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\Programme\WinTV\TVServer\CaptureGenPCI.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\Programme\WinTV\TVServer\HauppaugeTVServer.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I C:\RECYCLER\S-1-5-21-1517635286-910970031-1826383466-1007\Dc14.zip Win32/Sirefef.CT trojan (unable to clean) 00000000000000000000000000000000 I |
|
02.09.2011, 19:39
| #14 |
| | Trojaner w32 patchload.a und TR/Kazy.24148 Hier der Log von OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.09.2011 20:35:15 - Run 2 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Dokumente und Einstellungen\HP_Administrator\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1022,48 Mb Total Physical Memory | 472,76 Mb Available Physical Memory | 46,24% Memory free 2,40 Gb Paging File | 2,03 Gb Available in Paging File | 84,73% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 291,13 Gb Total Space | 193,86 Gb Free Space | 66,59% Space Free | Partition Type: NTFS Drive D: | 6,95 Gb Total Space | 1,05 Gb Free Space | 15,16% Space Free | Partition Type: FAT32 Drive F: | 97,65 Gb Total Space | 51,02 Gb Free Space | 52,24% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 17,12 Gb Free Space | 35,07% Space Free | Partition Type: NTFS Drive H: | 19,53 Gb Total Space | 0,49 Gb Free Space | 2,51% Space Free | Partition Type: NTFS Drive M: | 23,90 Gb Total Space | 0,20 Gb Free Space | 0,85% Space Free | Partition Type: NTFS Computer Name: ALEX | User Name: HP_Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- C:\WINDOWS\1381543154:223586221.exe PRC - [2011.09.02 20:19:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.04.20 18:57:18 | 000,083,456 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Programme\WinTV\WinTV7\WinTVTray.exe PRC - [2008.07.25 17:43:43 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.01.03 01:41:22 | 000,045,056 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe PRC - [2005.08.03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe ========== Modules (No Company Name) ========== MOD - [2011.08.16 16:25:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll MOD - [2011.08.16 16:25:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll MOD - [2011.08.16 16:25:04 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll MOD - [2011.08.16 16:22:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll MOD - [2011.06.30 03:08:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2011.02.04 18:48:32 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010.11.15 04:01:32 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_655cd81f\mscorlib.dll MOD - [2010.11.15 04:01:30 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_e2d8eae0\system.drawing.dll MOD - [2010.11.15 04:01:26 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ee3624bf\system.xml.dll MOD - [2010.11.15 04:01:23 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_1551a25b\system.windows.forms.dll MOD - [2010.11.15 04:01:17 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_86a3e2ba\system.dll MOD - [2010.11.15 04:01:08 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2010.11.15 04:01:08 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2010.03.12 11:47:59 | 000,040,960 | R--- | M] () -- C:\WINDOWS\system32\hcwxds.dll MOD - [2009.02.27 18:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.06.20 18:02:46 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.10.09 17:12:30 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\PsisRndr.ax MOD - [2006.10.09 17:12:14 | 000,235,008 | ---- | M] () -- C:\WINDOWS\system32\PsisDecd.dll MOD - [2006.09.16 23:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2006.01.03 01:41:22 | 000,045,056 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe MOD - [2006.01.03 01:11:16 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll MOD - [2006.01.03 01:11:15 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2006.01.03 01:11:15 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006.01.03 01:11:15 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2006.01.03 01:11:15 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll MOD - [2006.01.03 01:10:36 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2006.01.03 01:10:36 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_de_b77a5c561934e089\system.windows.forms.resources.dll MOD - [2005.08.05 22:26:02 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax MOD - [2005.08.05 21:02:02 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax MOD - [2005.08.05 21:01:14 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (PnkBstrA) SRV - File not found [Auto | Stopped] -- -- (MySQL) SRV - File not found [Auto | Stopped] -- -- (LightScribeService) SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService) SRV - File not found [On_Demand | Stopped] -- -- (iPod Service) SRV - File not found [Auto | Stopped] -- -- (ICQ Service) SRV - File not found [Auto | Stopped] -- -- (HauppaugeTVServer) SRV - File not found [Auto | Stopped] -- -- (FsUsbExService) SRV - File not found [Auto | Stopped] -- -- (DeviceManager) SRV - File not found [Auto | Stopped] -- -- (Bonjour Service) SRV - File not found [Auto | Stopped] -- -- (Ati HotKey Poller) SRV - File not found [Auto | Stopped] -- -- (Apple Mobile Device) SRV - File not found [Auto | Stopped] -- -- (AntiVirScheduler) SRV - [2011.09.01 20:45:59 | 000,153,088 | ---- | M] () [Auto | Stopped] -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.04.19 15:35:19 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2005.08.03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC) SRV - [2004.10.22 11:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.07.12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2010.03.12 11:47:58 | 000,321,280 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE) DRV - [2010.03.12 11:47:57 | 000,012,288 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5) DRV - [2010.03.12 11:47:56 | 000,216,576 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (hcw88bda) DRV - [2010.03.12 11:47:56 | 000,013,440 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD) DRV - [2009.11.14 18:50:56 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.11.14 18:50:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2009.10.22 15:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2009.09.21 09:33:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.05.25 12:18:02 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbser.sys -- (qcusbser) DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.06.13 21:24:13 | 002,155,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd) DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm) DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj) DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc) DRV - [2006.07.25 01:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.03.04 00:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2006.03.04 00:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005.12.13 02:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2) DRV - [2005.06.29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2) DRV - [2005.03.09 23:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2004.08.09 14:27:01 | 000,043,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Temp\gUSBSTOi.sys -- (gUSBSTOi) DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2003.11.05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run) DRV - [2002.04.09 17:00:10 | 000,004,480 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Suche ? Websuche & Suchmaschine IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Suche ? Websuche & Suchmaschine IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = Yahoo! Suche ? Websuche & Suchmaschine IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = Yahoo! Suche ? Websuche & Suchmaschine IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.11.28 03:34:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 14:13:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 14:13:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.20 17:05:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.03 15:50:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.11.19 18:14:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.06 14:13:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.08.22 13:07:37 | 000,000,000 | ---D | M] [2010.11.19 18:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Extensions [2010.11.19 18:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.08.22 13:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions [2010.11.17 20:20:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.26 17:13:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.08.22 13:09:33 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2011.08.18 19:40:10 | 000,000,000 | ---D | M] (Softonic Deutsch Community Toolbar) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.05.25 18:04:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.08.18 19:40:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.06.03 15:51:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\engine@conduit.com [2011.08.18 19:40:09 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\piclens@cooliris.com [2011.09.01 20:11:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-1.xml [2011.05.10 13:52:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-10.xml [2011.06.03 15:52:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-11.xml [2011.08.20 17:06:31 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-12.xml [2010.06.30 11:25:54 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-2.xml [2010.07.27 11:54:55 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-3.xml [2010.09.20 21:48:16 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-4.xml [2010.10.18 19:40:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-5.xml [2010.11.14 17:59:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-6.xml [2011.01.12 14:21:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-7.xml [2011.03.17 08:51:01 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-8.xml [2011.04.26 20:44:45 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-9.xml [2010.01.13 17:50:15 | 000,000,955 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin.xml [2011.08.22 12:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2007.04.19 15:43:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.06.03 15:51:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.07.08 11:56:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.14 21:03:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.08.22 12:52:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2007.08.27 20:45:18 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HP_ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\B2L3QQ4V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2010.07.08 11:56:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.08.22 13:07:37 | 000,000,000 | ---D | M] (preisspion.de) -- C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX [2011.08.20 17:05:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.08.20 17:05:20 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.20 17:05:20 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.08.20 17:05:20 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.08.20 17:05:20 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.20 17:05:20 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.20 17:05:20 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - File not found O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (TECHNO4EVER Toolbar) - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found O3 - HKLM\..\Toolbar: (TECHNO4EVER Toolbar) - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (TECHNO4EVER Toolbar) - {FB7D98CB-B228-4ECB-ACAC-E7101156338E} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (TECHNO4EVER Toolbar) - {FB7D98CB-B228-4ECB-ACAC-E7101156338E} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPBootOp] C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinTV Recording Status..lnk = C:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5961CD2C-4AB6-4277-B4E2-D29FD7907C01}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9288660B-B03C-4B26-B229-673CD0823ED7}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{44d488c2-d13a-11de-a827-0018f3adb81e}\Shell - "" = AutoRun O33 - MountPoints2\{44d488c2-d13a-11de-a827-0018f3adb81e}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{44d488c2-d13a-11de-a827-0018f3adb81e}\Shell\AutoRun\command - "" = N:\autorun.exe O33 - MountPoints2\{560acacc-efab-11de-a82d-0018f3adb81e}\Shell\AutoRun\command - "" = N:\Get_Started_for_Win.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: Nla - C:\WINDOWS\system32\mswsock.dll () NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk - C:\Programme\Google\Google Updater\GoogleUpdater.exe - (Google) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^HP_Administrator^Startmenü^Programme^Autostart^Xfire.lnk - C:\Programme\Xfire\xfire.exe - (Xfire Inc.) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: AlwaysReady Power Message APP - hkey= - key= - C:\WINDOWS\arpwrmsg.exe (Microsoft) MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found MsConfig - StartUpReg: CloneCDElbyCDFL - hkey= - key= - C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes) MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes) MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Programme\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: DMAScheduler - hkey= - key= - c:\Programme\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions) MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: ftutil2 - hkey= - key= - File not found MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: ICQ Lite - hkey= - key= - File not found MsConfig - StartUpReg: MediaGet2 - hkey= - key= - File not found MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - StartUpReg: NPSStartup - hkey= - key= - File not found MsConfig - StartUpReg: PCDrProfiler - hkey= - key= - File not found MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe () MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) MsConfig - StartUpReg: Steam - hkey= - key= - c:\programme\valve\steam\steam.exe (Valve Corporation) MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.02 20:39:28 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2011.09.02 20:39:27 | 000,000,000 | ---D | C] -- C:\_OTL [2011.09.02 20:19:44 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe [2011.09.02 18:07:36 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2011.09.02 18:05:55 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\esetsmartinstaller_enu.exe [2011.09.02 18:02:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Malwarebytes [2011.09.02 18:01:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.09.02 18:01:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.09.02 18:01:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.09.02 18:01:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.09.02 18:01:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.09.02 18:00:57 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\mbam-setup-1.51.1.1800.exe [2011.09.01 21:31:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\Neuer Ordner (3) [2011.09.01 20:54:51 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2011.09.01 20:54:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2011.08.25 15:38:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\RE's Lager-Verwaltung [2011.08.25 15:38:37 | 000,000,000 | ---D | C] -- C:\Programme\Lagerverwaltung [2011.08.25 15:24:34 | 000,000,000 | ---D | C] -- C:\Programme\Lagerverwaltung 2 [2011.08.23 20:32:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\Warenwirtschaftssystem [2011.08.23 20:32:39 | 000,000,000 | ---D | C] -- C:\Programme\Common~1 [2011.08.23 20:32:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\T1FONTS [2011.08.23 20:29:27 | 000,000,000 | ---D | C] -- C:\Baumann [2011.08.23 19:53:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DATA BECKER [2011.08.23 19:50:12 | 000,131,584 | ---- | C] (DATA BECKER) -- C:\WINDOWS\DBReg.exe [2011.08.23 19:50:11 | 000,627,200 | ---- | C] (DATA BECKER) -- C:\WINDOWS\DBREG.dll [2011.08.23 19:50:09 | 000,290,816 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\Tx4ole.ocx [2011.08.23 19:50:09 | 000,081,920 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\txtls32.dll [2011.08.23 19:50:09 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wndtls32.dll [2011.08.23 19:50:08 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\txobj32.dll [2011.08.23 19:50:08 | 000,323,584 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_word.dll [2011.08.23 19:50:08 | 000,135,168 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_htm32.dll [2011.08.23 19:50:08 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_rtf32.dll [2011.08.23 19:50:08 | 000,069,632 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\ic32.dll [2011.08.23 19:50:08 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_tif32.flt [2011.08.23 19:50:08 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_wmf32.flt [2011.08.23 19:50:08 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_bmp32.flt [2011.08.23 19:50:06 | 000,173,304 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MimeX.dll [2011.08.23 19:50:06 | 000,144,640 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\PopX.OCX [2011.08.23 19:50:06 | 000,132,344 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\PopX.dll [2011.08.23 19:50:05 | 000,279,800 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\FtpX.DLL [2011.08.23 19:50:05 | 000,152,824 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\EncodeX.dll [2011.08.23 19:50:05 | 000,148,736 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\FtpX.OCX [2011.08.23 19:50:05 | 000,132,360 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\EncodeX.OCX [2011.08.23 19:50:05 | 000,099,576 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MabryObj.dll [2011.08.23 19:50:03 | 000,000,000 | ---D | C] -- C:\Programme\DATA BECKER [2011.08.22 16:46:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\MySQL [2011.08.22 16:45:52 | 000,000,000 | ---D | C] -- C:\Programme\MySQL [2011.08.22 16:45:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL [2011.08.22 15:13:10 | 000,000,000 | ---D | C] -- C:\Programme\CAO-Faktura [2011.08.22 13:18:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Online Shop 6 [2011.08.22 13:14:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Online Shop 6 [2011.08.22 13:07:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\Winload [2011.08.22 13:07:35 | 000,000,000 | ---D | C] -- C:\Programme\Winload [2011.08.22 13:06:49 | 000,000,000 | ---D | C] -- C:\Programme\Mein Gutscheincode Finder ========== Files - Modified Within 30 Days ========== [2011.09.02 20:19:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe [2011.09.02 19:58:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.09.02 18:06:29 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\esetsmartinstaller_enu.exe [2011.09.02 18:01:17 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.02 17:17:11 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2011.09.02 17:16:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.09.02 17:16:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.09.02 17:16:04 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.09.02 17:15:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1381543154 [2011.09.02 17:15:57 | 000,043,408 | -HS- | M] () -- C:\WINDOWS\System32\c_62913.nl_ [2011.09.02 17:15:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.09.02 17:15:35 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys [2011.09.02 16:59:48 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\mbam-setup-1.51.1.1800.exe [2011.09.02 14:48:39 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011.09.02 14:43:47 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\kncnfspb.dll [2011.09.01 21:36:03 | 000,088,064 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.01 20:26:49 | 000,000,291 | RHS- | M] () -- C:\boot.ini [2011.08.27 18:05:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.08.25 15:32:22 | 000,001,275 | ---- | M] () -- C:\WINDOWS\Lager.INI [2011.08.25 15:24:34 | 000,080,896 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01.exe [2011.08.25 14:50:05 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.08.23 20:32:46 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\PROTOCOL.INI [2011.08.14 23:05:12 | 000,461,030 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.08.14 23:05:12 | 000,443,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.08.14 23:05:12 | 000,085,772 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.08.14 23:05:12 | 000,072,290 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.08.14 23:02:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK ========== Files Created - No Company Name ========== [2011.09.02 18:01:17 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.02 17:15:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1381543154 [2011.09.02 17:15:57 | 000,043,408 | -HS- | C] () -- C:\WINDOWS\System32\c_62913.nl_ [2011.09.02 14:44:13 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys [2011.09.02 14:43:47 | 004,194,304 | ---- | C] () -- C:\WINDOWS\System32\kncnfspb.dll [2011.08.25 15:32:22 | 000,001,275 | ---- | C] () -- C:\WINDOWS\Lager.INI [2011.08.25 15:24:34 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe [2011.08.23 20:32:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI [2011.08.23 19:50:13 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini [2011.08.23 19:50:08 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll [2011.08.23 19:50:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2011.01.05 20:17:49 | 000,034,706 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2011.01.05 20:17:04 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe [2011.01.05 20:07:51 | 000,002,312 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2011.01.05 20:01:49 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwxds.dll [2010.07.29 19:20:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.07.29 19:20:32 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.07.29 19:20:23 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\$_hpcst$.hpc [2010.01.06 23:32:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.08.21 16:58:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\AitVirtualComInstall.exe [2009.07.20 20:10:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\InstallVCOM.exe [2009.05.02 23:09:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2008.05.04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll [2008.01.16 21:06:42 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2008.01.15 02:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini [2007.12.12 21:56:55 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2007.11.15 20:34:05 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.11.15 20:33:35 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\PnkBstrK.sys [2007.11.15 20:32:49 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2007.11.15 20:32:30 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.10.05 13:45:52 | 000,000,604 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\AutoGK.ini [2007.10.04 19:16:17 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe [2007.07.12 21:52:37 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.07.03 00:21:53 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2007.06.13 20:57:04 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2007.06.13 20:57:04 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2007.06.13 20:57:04 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2007.06.13 18:26:05 | 000,059,653 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\NMM-MetaData.db [2007.05.23 17:52:34 | 000,000,153 | ---- | C] () -- C:\WINDOWS\imageconvert.ini [2007.04.29 19:43:04 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE32.EXE [2007.04.29 19:04:33 | 000,001,861 | ---- | C] () -- C:\WINDOWS\Transbox.ini [2007.04.28 18:48:35 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\icoappini.ini [2007.04.22 23:25:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS53.DLL [2007.04.19 20:36:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007.04.19 15:52:10 | 000,088,064 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.04.19 15:43:22 | 000,003,396 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.04.06 20:32:47 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.01.03 21:46:14 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.06.16 20:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.01.03 02:23:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.01.03 01:58:03 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys [2006.01.03 01:50:59 | 000,014,378 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2006.01.03 01:50:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll [2006.01.03 01:42:37 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006.01.03 01:37:18 | 000,105,702 | ---- | C] () -- C:\WINDOWS\hpqins69.dat [2006.01.03 01:36:19 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006.01.03 01:31:49 | 000,144,357 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006.01.03 01:30:36 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.01.03 01:08:34 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll [2005.10.12 14:46:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2005.10.12 14:07:40 | 000,461,030 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2005.10.12 14:07:40 | 000,443,024 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2005.10.12 14:07:40 | 000,085,772 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2005.10.12 14:07:40 | 000,072,290 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2005.10.12 14:05:28 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2005.10.12 14:00:50 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.10.12 13:56:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2005.09.15 10:03:00 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\tx11.dll [2005.08.05 22:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2005.08.03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll [2005.02.05 10:33:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TrcCli5.dll [2005.02.05 10:33:04 | 000,311,808 | ---- | C] () -- C:\WINDOWS\System32\rfapi5.dll [2005.02.05 10:33:02 | 000,221,253 | ---- | C] () -- C:\WINDOWS\System32\CfgCapi.dll [2004.10.22 14:43:16 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx11_ic.ini [2004.08.10 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.10 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.10 06:00:00 | 000,247,296 | ---- | C] () -- C:\WINDOWS\System32\mswsock.dll [2004.08.10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.10 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.07.26 22:08:20 | 000,001,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2003.12.01 10:34:54 | 000,144,384 | ---- | C] () -- C:\WINDOWS\System32\lttls14n.dll [2003.12.01 10:34:32 | 000,721,408 | ---- | C] () -- C:\WINDOWS\System32\ltcry14n.dll [2003.04.23 16:00:30 | 000,281,600 | ---- | C] () -- C:\WINDOWS\System32\Talbc.dll [2003.04.12 19:28:16 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\TALRSS14.dll [2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2001.08.23 17:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.23 17:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2000.06.28 00:00:00 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\dXCtrls.dll [1999.01.23 03:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1998.06.04 08:34:48 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\Talbcdmx.dll ========== LOP Check ========== [2011.09.01 20:48:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic [2011.09.02 14:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2007.06.13 18:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2007.12.12 21:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes [2010.01.06 16:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2007.06.13 18:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2011.08.22 16:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL [2007.06.13 18:23:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.11.11 20:17:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.12 17:31:56 | 000,000,000 | ---D | M] -- C:\a8cbb3f8ba7c142f80 [2007.07.03 00:21:13 | 000,000,000 | ---D | M] -- C:\ATI [2011.08.23 20:29:27 | 000,000,000 | ---D | M] -- C:\Baumann [2007.04.22 23:25:38 | 000,000,000 | -H-D | M] -- C:\BJPrinter [2007.12.12 21:58:26 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2007.01.03 21:50:54 | 000,000,000 | RHSD | M] -- C:\cmdcons [2005.11.15 06:13:14 | 000,000,000 | ---D | M] -- C:\CMPNENTS [2011.09.01 20:55:19 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2007.05.23 18:08:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2007.01.03 22:04:26 | 000,000,000 | -H-D | M] -- C:\hp [2007.07.06 22:22:16 | 000,000,000 | ---D | M] -- C:\Netgear [2007.05.23 17:37:47 | 000,000,000 | ---D | M] -- C:\Program Files [2011.09.02 18:07:36 | 000,000,000 | R--D | M] -- C:\Programme [2007.01.03 21:59:03 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2007.01.03 21:42:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2006.01.03 01:08:34 | 000,000,000 | -H-D | M] -- C:\system.sav [2008.12.03 21:30:07 | 000,000,000 | ---D | M] -- C:\temp [2011.09.02 17:16:07 | 000,000,000 | ---D | M] -- C:\WINDOWS [2011.09.02 20:39:27 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2004.08.10 06:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: REGEDIT.EXE > [2004.08.10 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2004.08.09 23:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-25 12:59:42 < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\WINDOWS\$NtUninstallKB21761$] -> Error: Cannot create file handle -> Unknown point type ========== Alternate Data Streams ========== @Alternate Data Stream - 816 bytes -> C:\WINDOWS\1381543154:223586221.exe < End of report > |
|
02.09.2011, 19:42
| #15 |
| | Trojaner w32 patchload.a und TR/Kazy.24148 Hier der andere:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.09.2011 20:21:19 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Dokumente und Einstellungen\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,48 Mb Total Physical Memory | 535,75 Mb Available Physical Memory | 52,40% Memory free
2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 291,13 Gb Total Space | 193,89 Gb Free Space | 66,60% Space Free | Partition Type: NTFS
Drive D: | 6,95 Gb Total Space | 1,05 Gb Free Space | 15,16% Space Free | Partition Type: FAT32
Drive F: | 97,65 Gb Total Space | 51,02 Gb Free Space | 52,24% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 17,12 Gb Free Space | 35,07% Space Free | Partition Type: NTFS
Drive H: | 19,53 Gb Total Space | 0,49 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
Drive M: | 23,90 Gb Total Space | 0,20 Gb Free Space | 0,85% Space Free | Partition Type: NTFS
Drive N: | 465,64 Gb Total Space | 67,37 Gb Free Space | 14,47% Space Free | Partition Type: FAT32
Computer Name: ALEX | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL Germany
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
"C:\Programme\Xfire\xfire.exe" = C:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\Valve\Steam\steam.exe" = C:\Programme\Valve\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"H:\Valve2\hl.exe" = H:\Valve2\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life deathmatch source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life deathmatch source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life 2 deathmatch\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour"
"C:\Programme\WinTV\WinTV7\WinTV7.exe" = C:\Programme\WinTV\WinTV7\WinTV7.exe:*:Enabled:WinTV7 -- (Hauppauge Computer Works, Inc.)
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\counter-strike source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Downloads\stinger10.2.0.267.exe" = C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Downloads\stinger10.2.0.267.exe:*:Enabled:stinger10.2.0.267 -- ()
"C:\Programme\AntiVir PersonalEdition Classic\update.exe" = C:\Programme\AntiVir PersonalEdition Classic\update.exe:*:Enabled:Antivirus Updater -- (Avira GmbH)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{02850087-A59F-4782-B8AF-40674752D5F1}" = ATI Catalyst Control Center
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{37DD5BB3-9DB4-4D92-9E50-16F2AD14A317}" = MySQL Server 5.5
"{3B5FEE89-AB5A-4EA9-A3AB-40216ADE225B}" = MovieJack DVD 2
"{41153CDC-08C5-41A3-8FE3-81F7896ED8E1}" = Warenwirtschaftssystem 8.0
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"1F811665-E818-4956-9173-35CD47C9DCE0" = Otto
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7A1E1C4F-CC6F-4BF0-BB81-7CFC3F655564" = GemMaster Mystic
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"AwayMode160" = Microsoft Away Mode
"BIMPLite" = BIMP Lite 1.62
"CANONBJ_Deinstall_CNMCP53.DLL" = Canon i350
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Counter-Strike Source" = Counter-Strike Source
"DivX Setup.divx.com" = DivX-Setup
"DVD-CLONER VII_is1" = DVD-CLONER V7.00 Build 990
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"HTPE3" = HyperTerminal Private Edition v6.3
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageConverter" = ImageConverter 1.0
"InfraRecorder" = InfraRecorder
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Lagerverwaltung" = RE's Lager-Verwaltung Version 1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShockwaveFlash" = Macromedia Flash Player 8
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Techno4ever Player" = Techno4ever Player
"Techno4ever Toolbar" = Techno4ever Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6
"VobSub" = VobSub v2.23 (Remove Only)
"web2date" = DATA BECKER shop to date 5
"WIC" = Windows Imaging Component
"Windows Lemmings" = Lemmings for Windows 95
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Toolbar" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.11.2010 08:14:25 | Computer Name = ALEX | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}"
konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
der Protokolldatei C:\DOKUME~1\HP_ADM~1\LOKALE~1\Temp\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log
enthalten.
Error - 13.11.2010 08:14:27 | Computer Name = ALEX | Source = NativeWrapper | ID = 5000
Description =
Error - 05.01.2011 14:09:22 | Computer Name = ALEX | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 -- Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see Error message when you try to install the.NET Framework 2.0 on a computer that has the.NET Framework 2.0 Service Pack 1 installed: "Setup cannot continue because this version of the.NET Framework is incompatible with a previously installed one"
Error - 22.08.2011 07:06:54 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung freeware-online-shop-setup.exe, Version
0.0.0.0, fehlgeschlagenes Modul freeware-online-shop-setup.exe, Version 0.0.0.0,
Fehleradresse 0x000f85d5.
Error - 22.08.2011 07:07:37 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung freeware-online-shop-setup.exe, Version
0.0.0.0, fehlgeschlagenes Modul freeware-online-shop-setup.exe, Version 0.0.0.0,
Fehleradresse 0x000f85d5.
Error - 25.08.2011 12:13:32 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WinTV7.exe, Version 1.0.28110.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 29.08.2011 14:11:12 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung web2date.exe, Version 5.0.0.1572, fehlgeschlagenes
Modul web2date.exe, Version 5.0.0.1572, Fehleradresse 0x005e273b.
Error - 01.09.2011 14:09:00 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WinTV7.exe, Version 1.0.28110.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 01.09.2011 14:42:20 | Computer Name = ALEX | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 01.09.2011 14:42:20 | Computer Name = ALEX | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
[ System Events ]
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Dienst "Bonjour"" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DeviceManager" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FsUsbExService" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HauppaugeTVServer" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Java Quick Starter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySQL" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 02.09.2011 11:15:59 | Computer Name = ALEX | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Cdrom Imapi IntelIde ViaIde
Error - 02.09.2011 11:17:29 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "iPod Service"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
Error - 02.09.2011 11:17:30 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
|
|
| Themen zu Trojaner w32 patchload.a und TR/Kazy.24148 |
| anmeldung, antivir, bitte um hilfe, großes, hallo zusammen, heute, meldung, neu, nicht mehr, problem, rechner, schonmal, sofort, starte, startet, troja, trojaner, w32, windows, windows xp, zusammen |
Textbox.
Linear-Darstellung
