Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
unerwünschtes Programm 'TR/Agent.qazy.1472'

unerwünschtes Programm 'TR/Agent.qazy.1472'


Log-Analyse und Auswertung: unerwünschtes Programm 'TR/Agent.qazy.1472'

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.04.2010, 01:05   #1
Xara
 
unerwünschtes Programm 'TR/Agent.qazy.1472' - Standard

unerwünschtes Programm 'TR/Agent.qazy.1472'


Hallihallo,

Ich habe heute nacht die Meldung von meinem AntiVir bekommen:

In der Datei 'C:\System Volume Information\_restore{258E27A8-5507-4975-970F-97D14FE5681F}\RP1092\A0283887.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Agent.qazy.1472' [trojan] gefunden.

Da ich relativ wenig ahnung von PCs hab wollt ich hier um euren Rat fragen.
Ich hab schonmal ein Logfile gemacht:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:58, on 10-04-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cjpcsc.exe
C:\Programme\Videoload Manager\ContentManager.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Picasa2\PicasaMediaDetector.exe
C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programme\ICQ6.5\ICQ.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Java\jre6\bin\jucheck.exe
C:\Programme\totalcmd\TOTALCMD.EXE
C:\Programme\VideoLAN\VLC\vlc.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\Mozilla Firefox\firefox.exe
c:\programme\avira\antivir desktop\avcenter.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\GEMEIN~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Programme\Video Access ActiveX Object\isadd.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Programme\Video Access ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Programme\RAM Idle LE\RAM_XP.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [CTCheck] C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Programme\Video Access ActiveX Object\pmsnrr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - hxxp://www.flatcast.com/de/download/NpFv415.dll
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.53 85.255.112.116
O18 - Protocol: fluxhttp - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax
O20 - Winlogon Notify: inketype - C:\WINDOWS\system32\inketype.dll (file missing)
O22 - SharedTaskScheduler: characterizing - {b292ec9f-a074-4115-8342-1f459702d8d2} - C:\WINDOWS\system32\fyxkaah.dll (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: cyberJack PC/SC COM Service (cjpcsc) - REINER SCT - C:\WINDOWS\system32\cjpcsc.exe
O23 - Service: Content Management Service (ContentMgrService) - ACE GmbH - C:\Programme\Videoload Manager\ContentManager.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c989f2dc95a87a) (gupdate1c989f2dc95a87a) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10783 bytes


Kann mir jemand weiter Helfen?

Schonmal Vielen Dank im Vorraus

Alt 25.04.2010, 14:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
unerwünschtes Programm 'TR/Agent.qazy.1472' - Standard

unerwünschtes Programm 'TR/Agent.qazy.1472'


Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 26.04.2010, 13:04   #3
Xara
 
unerwünschtes Programm 'TR/Agent.qazy.1472' - Standard

unerwünschtes Programm 'TR/Agent.qazy.1472'


So Hier der Malwarbyte log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4014

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10-04-26 13:54:21
mbam-log-2010-04-26 (13-54-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 217551
Laufzeit: 21 Stunde(n), 15 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
__________________
Alt 26.04.2010, 13:05   #4
Xara
 
unerwünschtes Programm 'TR/Agent.qazy.1472' - Standard

unerwünschtes Programm 'TR/Agent.qazy.1472'


Hier der erste OTL:

OTL Extras logfile created on: 10-04-26 14:00:43 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Peter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: DEU | Date Format: yy-MM-dd

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 189.92 Gb Total Space | 10.76 Gb Free Space | 5.67% Space Free | Partition Type: NTFS
Drive D: | 41.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEDA
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ\Icq.exe" = C:\Programme\ICQ\Icq.exe:*:Enabled:ICQ -- (ICQ Inc.)
"C:\Spiele\The Lord of the Rings Online\lotroclient.exe" = C:\Spiele\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient -- File not found
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Spiele\Darkstar One\DarkStarOne.exe" = C:\Spiele\Darkstar One\DarkStarOne.exe:*:EnabledarkStar -- File not found
"C:\Programme\Codemasters\Der Herr de Ringe Online\lotroclient.exe" = C:\Programme\Codemasters\Der Herr de Ringe Online\lotroclient.exe:*:Enabled:lotroclient.exe -- File not found
"C:\Spiele\Hellgate London\Launcher.exe" = C:\Spiele\Hellgate London\Launcher.exe:*:Enabled:Hellgate: London -- (Flagship Studios)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Spiele\Pro Evolution Soccer 2008\PES2008.exe" = C:\Spiele\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008 -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Spiele\Pro Evolution Soccer 2010\pes2010.exe" = C:\Spiele\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Programme\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe" = C:\Programme\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:*:Enabled:Grand Theft Auto IV -- File not found
"C:\Programme\Mass Effect\Binaries\MassEffect.exe" = C:\Programme\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"C:\Programme\Mass Effect\MassEffectLauncher.exe" = C:\Programme\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{08F8FD7C-44A5-4423-B87C-EBD3D94C9F87}" = Vampire - The Masquerade Bloodlines
"{111E336D-30BF-4CD4-8D69-4541732AFB27}" = Peter Jackson's King Kong - The Official Game of the Movie
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{475E0AAF-8865-4D39-AFBF-A8EB447D3D17}" = IKEA HomePlanner Office
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}" = CrissCross 8.00
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7D71FCA2-DB4A-497D-AF6F-B0D88DA92F88}" = FEAR SP Demo
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A111D34B-7021-44CE-BEFB-3C17688F463B}" = SoulSeekkor's TQ Defiler
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B4455D-1046-4732-BFBC-0821BEFC07BC}" = Hellgate: London
"{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}" = Dark Messiah
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D8D8B308-B172-43DB-96F1-6A3F84851D61}" = iTunes Art Importer
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"Age of Empires 2.0" = Microsoft Age of Empires II
"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"Beyond Good and Evil_is1" = Beyond Good and Evil
"Bink and Smacker" = Bink and Smacker
"BPS MP3-WAV Converter_is1" = BPS MP3-WAV Converter version 5.0.0.0
"BVTech Photo Publisher" = BVTech Photo Publisher
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner (remove only)
"Chipcard master_is1" = Chipcard master 6.24
"CKM Gehörbildung" = CKM Gehörbildung
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CSCLIB" = Canon Camera Support Core Library
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"DirectVobSub" = DirectVobSub (remove only)
"DivX Content Uploader" = DivX Content Uploader
"Drakensang_is1" = Drakensang
"Dunkle Magie Mod" = Dunkle Magie Mod
"DVD Ripper Wizard" = DVD Ripper Wizard
"Easy MP3 Cutter_is1" = Easy MP3 Cutter 2.9
"EAX Unified" = EAX Unified
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"EOS Utility" = Canon Utilities EOS Utility
"Finale NotePad 2006" = Finale NotePad 2006
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"Hexenfeuermod" = Hexenfeuermod
"HijackThis" = HijackThis 2.0.2
"ICQ" = ICQ
"ie8" = Windows Internet Explorer 8
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{471BB1D9-6F59-4093-B46D-373772D5C111}" = Far Cry Demo
"Internet Explorer Security Plugin 2006" = Internet Explorer Security Plugin 2006
"Internet Security Add-On" = Internet Security Add-On
"IrfanView" = IrfanView (remove only)
"Klomanager Gold" = Klomanager Gold
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MixWDemo" = MixWDemo
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSNINST" = MSN
"Neophyte" = Neophyte
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Patch 1.2 zu: Dunkle Magie Mod" = Patch 1.2 zu: Dunkle Magie Mod
"Pest-Capture" = Pest-Capture
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Public Messenger ver 2.03" = Public Messenger ver 2.03
"QcDrv" = Logitech® Camera-Treiber
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Respawnmod" = Respawnmod
"Rune Halls of Valhalla Full Update_is1" = Rune Halls of Valhalla 1.08
"ScummVM Tools_is1" = ScummVM Tools 0.11.0
"Shady Midnight Demo 1.13" = Shady Midnight Demo 1.13
"Skype_is1" = Skype 2.5
"ST6UNST #1" = PCGH Oblivion-Tuner
"Steam App 12210" = Grand Theft Auto IV
"SysInfo" = Creative Systeminformationen
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ToolbarICQToolbar.ICQToolbarObjectIEToolbar" = ICQ Toolbar
"Totalcmd" = Total Commander (Remove or Repair)
"Video Access ActiveX Object" = Video Access ActiveX Object 2.07
"Videoload Manager" = Videoload Manager 1.0.1514
"VLC media player" = VLC media player 0.9.8a
"Warhammer Online - Age of Reckoning_is1" = Warhammer Online - Age of Reckoning
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Gothic Texture Patch - Freddy" = Freddy's Texture Patch BETA
"Lemmini" = Lemmini
"Move Media Player" = Move Media Player
"World of Warcraft Trial" = Probeversion von World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10-01-13 12:17:44 | Computer Name = PEDA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung GTAIV.exe, Version 1.0.0.4, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10-01-15 10:11:39 | Computer Name = PEDA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung TOTALCMD.EXE, Version 6.5.4.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10-01-24 06:28:59 | Computer Name = PEDA | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.2627.0, faulting module
winword.exe, version 10.0.2627.0, fault address 0x00025f20.

Error - 10-01-24 06:29:10 | Computer Name = PEDA | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.2627.0, faulting module
winword.exe, version 10.0.2627.0, fault address 0x00025f20.

Error - 10-01-24 07:43:20 | Computer Name = PEDA | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application winword.exe, version 10.0.2627.0, faulting module
winword.exe, version 10.0.2627.0, fault address 0x00025f20.

Error - 10-01-31 15:24:20 | Computer Name = PEDA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 0.9.8.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10-01-31 15:27:40 | Computer Name = PEDA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 0.9.8.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 10-02-03 13:16:39 | Computer Name = PEDA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes
Modul liblibmpeg2_plugin.dll, Version 0.0.0.0, Fehleradresse 0x0001c2d1.

Error - 10-02-05 08:49:24 | Computer Name = PEDA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung autorun.exe, Version 0.0.0.0, fehlgeschlagenes
Modul autorun.exe, Version 0.0.0.0, Fehleradresse 0x00001173.

Error - 10-02-22 17:37:35 | Computer Name = PEDA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Picasa3.exe, Version 3.6.95.25, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 10-04-17 11:18:29 | Computer Name = PEDA | Source = Service Control Manager | ID = 7034
Description = Dienst "Hardware management services" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 10-04-20 16:31:40 | Computer Name = PEDA | Source = Service Control Manager | ID = 7034
Description = Dienst "Hardware management services" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 10-04-21 04:22:23 | Computer Name = PEDA | Source = Service Control Manager | ID = 7034
Description = Dienst "TCP/IP-NetBIOS-Hilfsprogramm" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 10-04-21 04:22:23 | Computer Name = PEDA | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Remote-Registrierung" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..

Error - 10-04-21 04:22:23 | Computer Name = PEDA | Source = Service Control Manager | ID = 7034
Description = Dienst "SSDP-Suchdienst" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 10-04-21 04:22:23 | Computer Name = PEDA | Source = Service Control Manager | ID = 7034
Description = Dienst "WebClient" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 10-04-21 04:22:34 | Computer Name = PEDA | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Remoteprozeduraufruf (RPC)" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
Millisekunden durchgeführt: Starten Sie den Computer neu..

Error - 10-04-21 04:38:07 | Computer Name = PEDA | Source = Service Control Manager | ID = 7034
Description = Dienst "Hardware management services" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 10-04-21 04:41:08 | Computer Name = PEDA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
nvata

Error - 10-04-26 07:57:44 | Computer Name = PEDA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
nvata


< End of report >

Alt 26.04.2010, 13:06   #5
Xara
 
unerwünschtes Programm 'TR/Agent.qazy.1472' - Standard

unerwünschtes Programm 'TR/Agent.qazy.1472'


Und da der 2.:

OTL logfile created on: 10-04-26 14:00:43 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Dokumente und Einstellungen\Peter\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: DEU | Date Format: yy-MM-dd

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 189.92 Gb Total Space | 10.76 Gb Free Space | 5.67% Space Free | Partition Type: NTFS
Drive D: | 41.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 5.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEDA
Current User Name: Peter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Videoload Manager\ContentManager.exe (ACE GmbH)
PRC - C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\system32\cjpcsc.exe (REINER SCT)
PRC - C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Programme\totalcmd\TOTALCMD.EXE (C. Ghisler & Co.)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ContentMgrService) -- C:\Programme\Videoload Manager\ContentManager.exe (ACE GmbH)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (cjpcsc) -- C:\WINDOWS\system32\cjpcsc.exe (REINER SCT)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (ithsgt) -- C:\WINDOWS\system32\drivers\ithsgt.sys ()
DRV - (lilsgt) -- C:\WINDOWS\system32\drivers\lilsgt.sys ()
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (SSHDRV85) -- C:\WINDOWS\system32\drivers\SSHDRV85.sys ()
DRV - (SSHDRV65) -- C:\WINDOWS\system32\drivers\SSHDRV65.sys ()
DRV - (cjusb) -- C:\WINDOWS\system32\drivers\cjusb.sys (REINER SCT)
DRV - (bizVSerial) -- C:\WINDOWS\system32\drivers\bizVSerialNT.sys (franson.biz)
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking)
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ACEDRV06) -- C:\WINDOWS\system32\drivers\ACEDRV06.sys (Protect Software GmbH)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys ()
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: betteryoutube@ginatrapani.org:0.4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\Mozilla [2008-11-17 23:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010-04-24 21:24:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010-04-24 21:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010-04-14 09:20:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2009-12-27 11:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Extensions
[2009-12-27 11:27:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-04-25 10:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\kxam6dpu.default\extensions
[2009-12-29 23:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Mozilla\Firefox\Profiles\kxam6dpu.default\extensions\betteryoutube@ginatrapani.org
[2010-04-25 10:19:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007-03-02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll
[2007-01-17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2006-08-17 13:48:40 | 000,719,064 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv415.dll
[2006-05-11 19:09:37 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npgcplug.dll
[2007-09-07 16:25:50 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll
[2005-04-27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll
[2007-09-07 15:46:48 | 000,098,968 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
[2010-04-01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010-04-01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010-04-01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010-04-01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010-04-01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2007-03-24 10:30:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Gemeinsame Dateien\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: () - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Programme\Video Access ActiveX Object\isadd.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Protection Bar) - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Programme\Video Access ActiveX Object\iesplugin.dll File not found
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Protection Bar) - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Programme\Video Access ActiveX Object\iesplugin.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTCheck] C:\Programme\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Mirabilis ICQ] C:\Programme\ICQ\ICQNet.exe ()
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [RAM Idle Professional] C:\Programme\RAM Idle LE\RAM_XP.exe File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Programme\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: rare = C:\Programme\Video Access ActiveX Object\pmsnrr.exe File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} hxxp://www.flatcast.com/de/download/NpFv415.dll (Flatcast Viewer 4.15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Programme\Gemeinsame Dateien\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\inketype: DllName - C:\WINDOWS\system32\inketype.dll - C:\WINDOWS\System32\inketype.dll File not found
O22 - SharedTaskScheduler: {b292ec9f-a074-4115-8342-1f459702d8d2} - characterizing - C:\WINDOWS\System32\fyxkaah.dll File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-05-10 13:56:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1999-10-24 13:25:08 | 000,172,083 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1999-04-27 20:16:04 | 000,000,040 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2008-06-10 15:32:42 | 000,000,044 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-26 13:59:31 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe
[2010-04-21 21:52:12 | 000,000,000 | ---D | C] -- C:\Pluscore
[2010-04-21 10:29:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Peter\Anwendungsdaten\Malwarebytes
[2010-04-21 10:29:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-21 10:29:48 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-21 10:29:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010-04-21 10:29:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010-04-21 10:27:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010-04-21 10:27:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010-04-21 10:27:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010-04-21 10:27:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010-04-20 20:28:08 | 000,000,000 | ---D | C] -- C:\Programme\GOG.com
[2010-04-20 18:23:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Peter\Recent
[2010-04-13 20:02:06 | 000,000,000 | ---D | C] -- C:\Programme\Easy MP3 Cutter
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-04-26 14:02:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-04-26 13:59:46 | 000,001,901 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010-04-26 13:59:32 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Peter\Desktop\OTL.exe
[2010-04-26 13:57:33 | 000,262,558 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-04-26 13:57:24 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010-04-26 13:57:23 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-04-26 13:56:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-04-26 13:56:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-04-26 13:56:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-04-26 13:55:09 | 009,175,040 | -H-- | M] () -- C:\Dokumente und Einstellungen\Peter\NTUSER.DAT
[2010-04-26 13:55:09 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Peter\ntuser.ini
[2010-04-24 21:24:17 | 000,001,614 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010-04-22 20:34:50 | 000,142,357 | -H-- | M] () -- C:\treeinfo.wc
[2010-04-22 15:59:56 | 000,032,048 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010-04-22 01:11:30 | 000,150,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-04-21 22:30:45 | 000,000,339 | ---- | M] () -- C:\WINDOWS\profile.mp
[2010-04-21 21:52:12 | 000,000,068 | ---- | M] () -- C:\WINDOWS\pluscore.INI
[2010-04-21 21:52:11 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\MSC05MN.DLL
[2010-04-21 10:29:53 | 000,000,724 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-20 20:33:53 | 000,001,813 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Beyond Good and Evil.lnk
[2010-04-20 10:32:02 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Peter\Eigene Dateien\Default.rdp
[2010-04-17 16:39:56 | 000,001,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010-04-16 18:30:36 | 000,000,034 | ---- | M] () -- C:\WINDOWS\ckm.ini
[2010-04-16 14:10:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-04-15 23:27:39 | 000,055,625 | ---- | M] () -- C:\photo.htm
[2010-04-14 13:05:37 | 000,001,935 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010-04-13 20:02:08 | 000,000,703 | ---- | M] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Easy MP3 Cutter.lnk
[2010-03-30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-03-30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-04-24 21:24:17 | 000,001,614 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2010-04-21 21:52:31 | 000,022,784 | ---- | C] () -- C:\WINDOWS\MNS00006.TTF
[2010-04-21 21:52:31 | 000,000,339 | ---- | C] () -- C:\WINDOWS\profile.mp
[2010-04-21 21:52:11 | 000,000,068 | ---- | C] () -- C:\WINDOWS\pluscore.INI
[2010-04-21 21:52:11 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\MSC05MN.DLL
[2010-04-21 10:29:53 | 000,000,724 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-20 20:33:53 | 000,001,813 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Beyond Good and Evil.lnk
[2010-04-20 10:32:02 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Peter\Eigene Dateien\Default.rdp
[2010-04-17 16:39:56 | 000,001,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Warhammer Online - Age of Reckoning.lnk
[2010-04-15 23:27:39 | 000,055,625 | ---- | C] () -- C:\photo.htm
[2010-04-14 16:29:58 | 000,011,794 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\hs_err_pid3040.log
[2010-04-14 13:05:37 | 000,001,935 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010-04-13 22:44:04 | 000,012,195 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\hs_err_pid1452.log
[2010-04-13 20:02:08 | 000,000,703 | ---- | C] () -- C:\Dokumente und Einstellungen\Peter\Desktop\Easy MP3 Cutter.lnk
[2010-03-14 20:05:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010-01-31 19:21:22 | 000,000,034 | ---- | C] () -- C:\WINDOWS\ckm.ini
[2009-11-06 11:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009-09-17 15:28:39 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009-09-17 15:28:38 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009-03-23 23:08:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\apache.dll
[2009-02-26 13:36:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009-02-26 13:36:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2009-02-22 10:14:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-07-21 22:31:04 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2008-07-02 20:51:42 | 000,162,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\ithsgt.sys
[2008-07-02 20:51:41 | 000,012,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\lilsgt.sys
[2008-04-27 17:16:29 | 000,000,486 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008-03-19 12:34:32 | 000,000,297 | ---- | C] () -- C:\WINDOWS\game.ini
[2008-03-10 19:46:05 | 000,000,096 | ---- | C] () -- C:\WINDOWS\dinksmallwood.ini
[2007-12-23 19:38:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2007-11-06 16:27:00 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007-09-23 13:47:55 | 000,000,396 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2007-09-23 13:47:30 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\SerialXP.dll
[2007-09-23 13:47:30 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\win32com.dll
[2007-09-23 12:17:21 | 000,001,263 | ---- | C] () -- C:\WINDOWS\isxdlge2.ini
[2007-09-17 21:59:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007-08-09 11:55:18 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV85.sys
[2007-08-09 11:46:44 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV65.sys
[2007-05-22 14:00:44 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-05-22 14:00:44 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-03-17 16:14:01 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007-01-30 07:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006-12-18 16:44:10 | 000,000,235 | ---- | C] () -- C:\WINDOWS\KLETT.INI
[2006-12-12 18:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006-10-12 20:58:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006-10-12 20:58:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006-10-12 20:58:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006-10-12 20:58:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006-10-12 20:58:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006-10-12 20:58:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006-10-12 20:57:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2006-10-10 15:45:39 | 000,001,342 | ---- | C] () -- C:\WINDOWS\MixWDemo.INI
[2006-10-04 16:19:07 | 000,001,087 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-08-30 19:31:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\zSpy.INI
[2006-08-08 22:54:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006-08-08 22:54:37 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006-08-08 22:54:36 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006-06-21 18:08:54 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006-06-05 12:42:08 | 000,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006-06-05 12:42:08 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd2045.sys
[2006-06-05 12:35:23 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006-05-11 15:58:59 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006-05-11 13:28:42 | 000,089,267 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006-05-10 16:44:43 | 000,001,901 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2006-05-10 16:02:11 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006-05-10 14:05:15 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006-05-10 14:05:07 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006-05-10 14:03:53 | 000,004,096 | ---- | C] () -- C:\WINDOWS\gdrv.sys
[2006-03-09 15:29:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-03-09 15:29:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005-04-28 06:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005-04-28 06:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002-09-06 18:36:16 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1997-06-14 10:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:ECF5194F
@Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B606BA34
< End of report >


Alt 26.04.2010, 13:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
unerwünschtes Programm 'TR/Agent.qazy.1472' - Standard

unerwünschtes Programm 'TR/Agent.qazy.1472'


Zitat:
Datenbank Version: 4014
Du hättest Malwarebytes vor dem Vollscan aktualisieren müssen. Bitte nachholen und dann den Vollscan wiederholen.
__________________
--> unerwünschtes Programm 'TR/Agent.qazy.1472'

Antwort

Themen zu unerwünschtes Programm 'TR/Agent.qazy.1472'
antivir, antivir guard, avira, bho, bonjour, browser, canon, cdburnerxp, desktop, excel, firefox, frage, google, gupdate, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, logfile, mozilla, mozilla thunderbird, object, picasa, plug-in, programm, software, system, trojan, virus, wenig ahnung, windows, windows xp


« TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels | Error Code -2147023174 »


Ähnliche Themen: unerwünschtes Programm 'TR/Agent.qazy.1472'


  1. McAffe hat ein unerwünschtes Programm gefunden: Crossrider
    Log-Analyse und Auswertung - 07.10.2015 (13)
  2. Avira : unerwünschtes Programm `TR/ATRAPS.Gen` wurde Blockiert
    Plagegeister aller Art und deren Bekämpfung - 14.12.2014 (14)
  3. Windows Vista SP2 64-bit - Virus / unerwünschtes Programm?
    Plagegeister aller Art und deren Bekämpfung - 09.11.2014 (9)
  4. Plötzlich unerwünschtes Programm installiert
    Log-Analyse und Auswertung - 19.03.2014 (11)
  5. unerwünschtes Programm TR\ATRAPS.Gen2
    Log-Analyse und Auswertung - 29.01.2013 (3)
  6. Unerwünschtes Programm oder Virus gefunden
    Log-Analyse und Auswertung - 12.01.2013 (7)
  7. Trojaner?Unerwünschtes Programm
    Alles rund um Windows - 15.03.2012 (1)
  8. Trojaner, Virus, unerwünschtes Programm an Bord
    Plagegeister aller Art und deren Bekämpfung - 19.03.2011 (1)
  9. Unerwünschtes Programm?
    Plagegeister aller Art und deren Bekämpfung - 03.09.2010 (1)
  10. unerwünschtes Programm 'TR/Spy.Banker.AG.1' [trojan] gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.06.2010 (17)
  11. TR/Agent.qazy.1472 & TR/Trash.gen die Streitrosse des Teufels
    Log-Analyse und Auswertung - 26.04.2010 (32)
  12. Verdacht auf unerwünschtes Programm!
    Log-Analyse und Auswertung - 20.04.2010 (15)
  13. System32\kbdqelt.dll Virus oder unerwünschtes Programm TR/Agent.ruo [trojan] gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.04.2010 (4)
  14. unerwünschtes Programm 'TR/FraudPack.TNB.9' gefunden.
    Log-Analyse und Auswertung - 30.09.2009 (3)
  15. AntiVir findet Virus oder unerwünschtes Programm TR/Agent.105720
    Plagegeister aller Art und deren Bekämpfung - 25.02.2009 (3)
  16. Antivir hat Virus oder unerwünschtes Programm gefunden "BDS/Agent.ZNC"
    Log-Analyse und Auswertung - 05.09.2008 (13)
  17. wurde ein Virus oder unerwünschtes Programm 'BDS/Agent.elw'
    Log-Analyse und Auswertung - 18.02.2008 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema unerwünschtes Programm 'TR/Agent.qazy.1472' - Hallihallo, Ich habe heute nacht die Meldung von meinem AntiVir bekommen: In der Datei 'C:\System Volume Information\_restore{258E27A8-5507-4975-970F-97D14FE5681F}\RP1092\A0283887.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Agent.qazy.1472' [trojan] gefunden. Da ich relativ wenig - unerwünschtes Programm 'TR/Agent.qazy.1472'...
Archiv
Du betrachtest: unerwünschtes Programm 'TR/Agent.qazy.1472' auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131