|
Plagegeister aller Art und deren Bekämpfung: TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes AuswertungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
20.09.2010, 18:35 | #76 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes AuswertungCombofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lösche die Combo-Fix.exe auf dem Desktop und lade ComboFix von einem der unten aufgeführten Links erneut herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**
|
20.09.2010, 22:12 | #77 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes AuswertungCode:
ATTFilter ComboFix 10-09-20.01 - HP_Besitzer 20.09.2010 22:49:38.5.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.446.240 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((( Dateien erstellt von 2010-08-20 bis 2010-09-20 )))))))))))))))))))))))))))))) . 2010-09-19 20:16 . 2010-09-20 18:28 -------- d-----w- c:\windows\system32\xmldm 2010-09-14 17:43 . 2010-09-14 17:43 77 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_E48F4F4FF408A9E4487D3C24380F80F8.dll 2010-09-14 17:43 . 2010-09-14 17:43 1180 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_F65865963B6B0EB4ABB0F894B53E0233.dll 2010-09-14 17:43 . 2010-09-14 17:43 10 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_F60730A4A66673047777F5728467D401.dll 2010-09-14 17:43 . 2010-09-14 17:43 3952 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_8FA009BE16CC51E478B1891DAEE30852.dll 2010-09-14 17:43 . 2010-09-14 17:43 566 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2F44939A4D2D0574FB7EA982F8AE2FFC.dll 2010-09-14 17:43 . 2010-09-14 17:43 27 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_4EA42A62D9304AC4784BF238120602FF.dll 2010-09-12 14:59 . 2010-09-12 14:59 -------- d-----w- c:\programme\7-Zip 2010-09-05 16:06 . 2010-09-05 16:07 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Apple Computer 2010-09-05 15:47 . 2010-09-11 07:17 -------- d-----w- C:\AVZ 2010-09-04 17:41 . 2010-09-04 17:41 -------- d-----w- c:\programme\Secunia 2010-09-04 17:16 . 2010-09-04 17:16 503808 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42892712-n\msvcp71.dll 2010-09-04 17:16 . 2010-09-04 17:16 499712 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42892712-n\jmc.dll 2010-09-04 17:16 . 2010-09-04 17:16 348160 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42892712-n\msvcr71.dll 2010-09-04 17:16 . 2010-09-04 17:16 12800 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-12c99582-n\decora-d3d.dll 2010-09-04 17:16 . 2010-09-04 17:16 61440 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-12c99582-n\decora-sse.dll 2010-09-04 17:16 . 2010-09-04 17:16 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-09-04 17:14 . 2010-09-04 17:57 79488 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\jre1.6.0_20\gtapi.dll 2010-09-04 17:14 . 2010-09-04 17:57 152576 ----a-w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\jre1.6.0_20\lzma.dll 2010-09-04 17:02 . 2010-09-04 17:02 45056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll 2010-09-04 17:02 . 2010-09-04 17:02 45056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll 2010-09-04 17:02 . 2010-09-04 17:02 45056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll 2010-09-04 17:02 . 2010-09-04 17:02 45056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll 2010-09-04 17:02 . 2010-09-04 17:02 49152 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll 2010-09-04 17:02 . 2010-09-04 17:02 308808 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll 2010-09-04 17:02 . 2010-09-04 17:02 40960 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll 2010-09-04 17:02 . 2010-09-04 17:02 14848 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll 2010-09-04 17:02 . 2010-09-04 17:02 341600 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll 2010-09-04 17:01 . 2010-09-04 17:01 -------- d-----w- c:\programme\Gemeinsame Dateien\xing shared 2010-09-04 16:51 . 2010-09-04 16:51 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple 2010-09-04 16:50 . 2010-09-04 16:50 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Apple 2010-09-04 16:49 . 2010-09-04 16:49 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Apple Computer 2010-09-04 16:19 . 2010-09-04 16:19 -------- d-----w- c:\programme\CCleaner 2010-08-30 20:59 . 2010-08-30 21:31 -------- d-----w- C:\Combo-Fix 2010-08-29 18:11 . 2010-08-29 18:11 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes 2010-08-29 18:10 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-29 18:10 . 2010-08-29 18:10 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-08-29 18:10 . 2010-08-29 19:47 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-08-29 18:10 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-22 16:26 . 2010-08-22 16:26 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Help 2010-08-22 16:11 . 2010-08-22 16:11 799 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2425543A0EAD32542824DF2807A6FBB4.dll 2010-08-22 15:06 . 2010-09-04 16:17 -------- d-----w- c:\programme\Unlocker . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-20 17:25 . 2006-11-19 11:48 -------- d-----w- c:\programme\PokerStars 2010-09-19 20:04 . 2005-01-01 19:11 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared 2010-09-14 17:43 . 2010-08-22 16:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan 2010-09-11 17:31 . 2009-04-18 15:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\BSW 2010-09-04 18:24 . 2006-05-06 15:53 -------- d-----w- c:\programme\Mozilla Thunderbird 2010-09-04 18:06 . 2009-02-07 17:13 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Thunderbird 2010-09-04 17:16 . 2005-01-01 18:29 -------- d-----w- c:\programme\Gemeinsame Dateien\Java 2010-09-04 17:15 . 2004-11-02 18:10 64650 ----a-w- c:\windows\system32\perfc007.dat 2010-09-04 17:15 . 2004-11-02 18:10 392842 ----a-w- c:\windows\system32\perfh007.dat 2010-09-04 17:02 . 2005-01-01 18:55 -------- d-----w- c:\programme\Gemeinsame Dateien\Real 2010-09-04 17:01 . 2005-01-01 18:55 -------- d-----w- c:\programme\Real 2010-09-04 16:52 . 2007-09-24 18:57 -------- d-----w- c:\programme\QuickTime 2010-09-04 16:50 . 2007-09-24 18:56 -------- d-----w- c:\programme\Apple Software Update 2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Uniblue 2010-08-29 14:52 . 2010-06-06 17:46 -------- d-----w- c:\programme\Uniblue 2010-08-22 16:26 . 2010-08-22 16:11 -------- d-----w- c:\programme\Security Task Manager 2010-08-22 16:11 . 2010-08-22 16:11 57 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_200845A2240938042A076B4737ED0137.dll 2010-08-22 16:11 . 2010-08-22 16:11 116 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_20481667D97199646AB63D155C4963CB.dll 2010-08-22 16:11 . 2010-08-22 16:11 10 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_24E9EE35BCEC29C4FB67C96AD5FAF8C1.dll 2010-08-22 16:11 . 2010-08-22 16:11 6205 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1FCF3F43B71816D46BFA919D84A6EF0A.dll 2010-08-22 16:11 . 2010-08-22 16:11 699 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1E32C765085758148B2C0308657792C7.dll 2010-08-22 16:11 . 2010-08-22 16:11 55 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0FF2F75B52A523345B3054293B070CF2.dll 2010-08-22 16:11 . 2010-08-22 16:11 3356 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1F972D4B9034cc944A5BA3D0E2957C5B.dll 2010-08-22 16:11 . 2010-08-22 16:11 210 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B.dll 2010-08-22 16:11 . 2010-08-22 16:11 2056 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_06AFB87E393583C428BA8E10E964E44B.dll 2010-08-22 16:11 . 2010-08-22 16:11 1055 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D227AB21D84E6041932A85E34D136FE.dll 2010-08-22 16:11 . 2010-08-22 16:11 58 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll 2010-08-22 16:11 . 2010-08-22 16:11 833 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll 2010-08-22 14:19 . 2010-08-21 12:36 -------- d-----w- c:\programme\iKnowPS 2010-08-19 13:56 . 2010-08-19 13:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fighters 2010-08-19 13:55 . 2010-08-19 13:55 -------- d-----w- c:\programme\Fighters 2010-08-17 13:17 . 2004-08-04 04:00 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-07-22 15:48 . 2004-08-04 04:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll 2010-07-07 14:05 . 2010-07-07 14:05 14904 ----a-w- c:\windows\system32\drivers\psi_mf.sys 2010-07-01 20:12 . 2010-07-01 20:12 112 ----a-w- c:\windows\system32\srvblck2.tmp 2010-06-30 12:28 . 2004-08-04 04:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 09:02 . 2004-08-04 04:00 1852032 ------w- c:\windows\system32\win32k.sys . ((((((((((((((((((((((((((((( SnapShot@2010-08-31_17.05.03 ))))))))))))))))))))))))))))))))))))))))) . + 2010-09-20 16:54 . 2010-09-20 16:54 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat - 2010-07-06 18:51 . 2010-02-22 14:22 18808 c:\windows\system32\spmsg.dll + 2010-07-06 18:51 . 2009-05-26 09:01 18808 c:\windows\system32\spmsg.dll - 2004-11-02 18:10 . 2010-08-18 13:06 53572 c:\windows\system32\perfc009.dat + 2004-11-02 18:10 . 2010-09-04 17:15 53572 c:\windows\system32\perfc009.dat + 2010-08-17 13:17 . 2010-08-17 13:17 58880 c:\windows\system32\dllcache\spoolsv.exe + 2010-09-04 17:01 . 2010-09-04 17:01 20480 c:\windows\Installer\51cbbf.msi + 2010-09-04 16:50 . 2010-09-04 16:50 27136 c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe + 2010-09-04 17:01 . 2010-09-04 17:01 5632 c:\windows\system32\pndx5032.dll - 2005-01-01 18:55 . 2005-01-01 18:55 5632 c:\windows\system32\pndx5032.dll + 2010-09-04 17:01 . 2010-09-04 17:01 6656 c:\windows\system32\pndx5016.dll - 2005-01-01 18:55 . 2005-01-01 18:55 6656 c:\windows\system32\pndx5016.dll + 2009-07-11 23:12 . 2009-07-11 23:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll + 2009-07-11 23:09 . 2009-07-11 23:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll + 2009-07-11 23:08 . 2009-07-11 23:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll - 2004-08-04 04:00 . 2008-04-14 02:22 293888 c:\windows\system32\winsrv.dll + 2004-08-04 04:00 . 2010-06-18 17:44 293888 c:\windows\system32\winsrv.dll + 2004-08-04 04:00 . 2010-04-16 15:36 406016 c:\windows\system32\usp10.dll - 2004-08-04 04:00 . 2008-04-14 02:22 406016 c:\windows\system32\usp10.dll + 2010-09-04 17:02 . 2010-09-04 17:02 185920 c:\windows\system32\rmoc3260.dll + 2005-01-01 18:55 . 2010-09-04 17:01 278528 c:\windows\system32\pncrt.dll - 2005-01-01 18:55 . 2005-01-01 18:55 278528 c:\windows\system32\pncrt.dll + 2004-11-02 18:10 . 2010-09-04 17:15 381828 c:\windows\system32\perfh009.dat - 2004-11-02 18:10 . 2010-08-18 13:06 381828 c:\windows\system32\perfh009.dat + 2006-10-18 19:47 . 2010-03-30 10:24 317440 c:\windows\system32\mp4sdecd.dll - 2006-10-18 19:47 . 2006-10-18 19:47 317440 c:\windows\system32\MP4SDECD.dll + 2010-08-29 15:22 . 2010-09-04 17:53 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe - 2010-08-29 15:22 . 2010-08-29 15:22 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe + 2010-09-04 17:16 . 2010-09-04 17:16 153376 c:\windows\system32\javaws.exe + 2010-09-04 17:16 . 2010-09-04 17:16 145184 c:\windows\system32\javaw.exe + 2010-09-04 17:16 . 2010-09-04 17:16 145184 c:\windows\system32\java.exe + 2004-08-04 04:00 . 2010-06-09 07:43 692736 c:\windows\system32\inetcomm.dll + 2010-06-18 17:44 . 2010-06-18 17:44 293888 c:\windows\system32\dllcache\winsrv.dll + 2010-04-16 15:36 . 2010-04-16 15:36 406016 c:\windows\system32\dllcache\usp10.dll + 2009-04-15 14:51 . 2010-07-22 15:48 590848 c:\windows\system32\dllcache\rpcrt4.dll + 2010-03-30 10:24 . 2010-03-30 10:24 317440 c:\windows\system32\dllcache\mp4sdecd.dll + 2009-02-08 14:09 . 2010-06-09 07:43 692736 c:\windows\system32\dllcache\inetcomm.dll + 2010-09-04 17:16 . 2010-09-04 17:16 180224 c:\windows\Installer\6887c9.msi + 2010-09-04 17:16 . 2010-09-04 17:16 577536 c:\windows\Installer\6887c3.msi + 2010-09-04 16:51 . 2010-09-04 16:51 807936 c:\windows\Installer\51c981.msi + 2009-07-18 03:21 . 2010-09-04 17:53 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll - 2009-07-18 03:21 . 2010-08-29 15:22 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll + 2010-09-04 16:52 . 2010-09-04 16:52 9472000 c:\windows\Installer\51cbb4.msi + 2010-09-04 16:50 . 2010-09-04 16:50 1549312 c:\windows\Installer\51c97b.msi + 2009-02-09 18:38 . 2010-09-15 18:53 35552200 c:\windows\system32\MRT.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152] "avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-08-10 421888] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040] "TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-09-04 202256] c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmen\Programme\Autostart\ Secunia PSI.lnk - c:\programme\Secunia\PSI\psi.exe [2010-7-21 965176] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Action Manager 32.lnk - c:\programme\ScannerU\AM32.exe [2006-12-26 69632] Gigaset WLAN Adapter Monitor.lnk - c:\programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe [2004-6-4 327680] HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624] Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\Mozilla Firefox\\firefox.exe"= S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07.07.2010 16:05 14904] S3 SE4501D;Gigaset USB Adapter 54 Driver;c:\windows\system32\drivers\SE4501D.sys [07.02.2009 15:39 379232] . Inhalt des "geplante Tasks" Ordners 2010-09-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] 2010-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02] . . ------- Zusätzlicher Suchlauf ------- . IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-09-20 22:57 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(816) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1504) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Zeit der Fertigstellung: 2010-09-20 23:00:54 ComboFix-quarantined-files.txt 2010-09-20 21:00 ComboFix2.txt 2010-09-03 17:09 Vor Suchlauf: 16 Verzeichnis(se), 133.849.751.552 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 133.879.681.024 Bytes frei - - End Of File - - FE891A47804F0D458A0D56717FC277E0 |
22.09.2010, 19:18 | #78 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Downloade OTS.exe und speichere es unbedingt auf Deinem Desktop. Doppelklick auf die OTS.exe
__________________Wenn Dein Anti-Viren-Programm bei OTS Meldung macht, erlaube es.
Code:
ATTFilter %SYSTEMDRIVE%\*.exe %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /90 %systemroot%\system32\ws2help.dll /md5 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
|
22.09.2010, 21:12 | #79 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung ots: Code:
ATTFilter OTS logfile created on: 22.09.2010 21:30:01 - Run 2 OTS by OldTimer - Version 3.1.38.1 Folder = C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 446,00 Mb Total Physical Memory | 212,00 Mb Available Physical Memory | 47,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 143,45 Gb Total Space | 124,74 Gb Free Space | 86,96% Space Free | Partition Type: NTFS Drive D: | 5,59 Gb Total Space | 0,50 Gb Free Space | 9,03% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NAME-CD5FDA878D Current User Name: HP_Besitzer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTS.exe -> [2010.09.22 20:54:30 | 000,641,536 | ---- | M | MD5 = 9A719DC92BA73362621B65ABE6B0289D] (OldTimer Tools) realsched.exe -> C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -> [2010.09.04 19:01:23 | 000,202,256 | ---- | M | MD5 = 9ACE8ECDB1EBC519F48AA65DE5875573] (RealNetworks, Inc.) jucheck.exe -> C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe -> [2010.02.18 11:43:20 | 000,490,728 | ---- | M | MD5 = D4DDB8CF58103E8CE8E99101C467C979] (Sun Microsystems, Inc.) jusched.exe -> C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe -> [2010.02.18 11:43:18 | 000,248,040 | ---- | M | MD5 = 52DB6CDAC5BC7A1FC884E97C41C91213] (Sun Microsystems, Inc.) sched.exe -> C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008.10.15 14:31:50 | 000,068,865 | ---- | M | MD5 = D6C8942BEA3698A2E7559BD423BFA5D7] (Avira GmbH) avguard.exe -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008.10.15 14:29:58 | 000,151,297 | ---- | M | MD5 = 335A142923FE7F97E8C8388ACD067568] (Avira GmbH) avgnt.exe -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008.06.12 14:28:40 | 000,266,497 | ---- | M | MD5 = 6E812818306D460D62B4ABEA9FDC6679] (Avira GmbH) explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E] (Microsoft Corporation) gigasetusbmonitor.exe -> C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe -> [2004.06.04 12:53:00 | 000,327,680 | ---- | M | MD5 = DB9CE9C2FBBA95533D5CFEA24F06B456] () [Modules - Safe List] ots.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTS.exe -> [2010.09.22 20:54:30 | 000,641,536 | ---- | M | MD5 = 9A719DC92BA73362621B65ABE6B0289D] (OldTimer Tools) msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008.04.14 04:21:06 | 000,110,592 | ---- | M | MD5 = 8354A33FC0CD75F34D310B7EE8CBD621] (Microsoft Corporation) [Win32 Services - Safe List] (Automatisches LiveUpdate - Scheduler) Automatisches LiveUpdate - Scheduler [Auto | Stopped] -> C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found (AppMgmt) Anwendungsverwaltung [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found (AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Planer [Auto | Running] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008.10.15 14:31:50 | 000,068,865 | ---- | M | MD5 = D6C8942BEA3698A2E7559BD423BFA5D7] (Avira GmbH) (AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Auto | Running] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008.10.15 14:29:58 | 000,151,297 | ---- | M | MD5 = 335A142923FE7F97E8C8388ACD067568] (Avira GmbH) (IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004.10.22 11:24:18 | 000,073,728 | ---- | M | MD5 = 6F95324909B502E2651442C1548AB12F] (Macrovision Corporation) (Pml Driver HPZ12) Pml Driver HPZ12 [Boot | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2004.09.29 20:14:36 | 000,069,632 | ---- | M | MD5 = 9D84376931440F3679BEEF2A414FA493] (HP) [Driver Services - Safe List] (catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOKUME~1\HP_BES~1.NAM\LOKALE~1\Temp\catchme.sys -> File not found (PSI) PSI [File_System | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\psi_mf.sys -> [2010.07.07 16:05:32 | 000,014,904 | ---- | M | MD5 = 1DF21F001F3A94EBA4A2950C70CC358F] (Secunia) (avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009.05.30 17:42:50 | 000,075,096 | ---- | M | MD5 = 0B09DF022250FB7BA91FB932EAC6EA9B] (Avira GmbH) (avgntflt) avgntflt [File_System | On_Demand | Running] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2009.05.30 17:41:23 | 000,052,056 | ---- | M | MD5 = FCB30820BED1D3FEB55E3DD55A3F947F] (Avira GmbH) (avgio) avgio [Kernel | System | Running] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2009.05.30 17:41:14 | 000,011,608 | ---- | M | MD5 = 87828ECD657F81503465AC705E845076] (Avira GmbH) (ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2007.11.08 19:03:26 | 000,021,248 | ---- | M | MD5 = 71D609C5DFF067906D930BDE031C4CFE] (AVIRA GmbH) (AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AvgArCln.sys -> [2007.01.18 14:00:28 | 000,003,968 | ---- | M | MD5 = EC08D1625F5C6CF2A57B79EB35186F8C] (GRISOFT, s.r.o.) (Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005.12.13 01:27:00 | 000,019,072 | ---- | M | MD5 = 390C204CED3785609AB24E9C52054A84] (Hewlett-Packard Company) (RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtnicxp.sys -> [2005.09.30 20:11:42 | 000,078,720 | ---- | M | MD5 = 7889E3981E0A5D347E037ABD467D53A5] (Realtek Semiconductor Corporation ) (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2005.08.30 00:11:00 | 003,644,928 | ---- | M | MD5 = 7F26D024355CBADB60838F53DFB171EC] (Realtek Semiconductor Corp.) (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005.08.14 07:35:54 | 001,313,792 | ---- | M | MD5 = 7A6CF9F411A9C5BD5C442A1CD46AF401] (ATI Technologies Inc.) (AmdK8) AMD-Prozessortreiber [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2005.03.09 22:53:00 | 000,043,008 | ---- | M | MD5 = 769844EB65DF6A62AA51B886290FE51D] (Advanced Micro Devices) (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004.08.03 22:31:34 | 000,020,992 | ---- | M | MD5 = D507C1400284176573224903819FFDA3] (Realtek Semiconductor Corporation) (SE4501D) Gigaset USB Adapter 54 Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SE4501D.sys -> [2004.06.02 03:43:00 | 000,379,232 | R--- | M | MD5 = 8DC9CF101D175A1DAF2FD917E19A68B1] (Siemens AG) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\: "ProxyEnable" -> 0 -> < FireFox Settings [Prefs.js] > -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\FireFox\Profiles\qcaul68r.default\prefs.js -> browser.startup.homepage -> "hxxp://erotik.freenet.de/freenet/index.html" -> extensions.enabledItems -> {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5 -> extensions.enabledItems -> jqs@sun.com:1.0 -> extensions.enabledItems -> {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\Firefox\extensions -> -> HKLM\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} -> C:\WINDOWS\system32\5005 [C:\WINDOWS\SYSTEM32\5005] -> [2010.07.01 22:12:52 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components -> C:\Programme\Mozilla Firefox\components [C:\PROGRAMME\MOZILLA FIREFOX\COMPONENTS] -> [2010.09.19 17:03:40 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins -> C:\Programme\Mozilla Firefox\plugins [C:\PROGRAMME\MOZILLA FIREFOX\PLUGINS] -> [2010.09.19 17:03:40 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions -> -> HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components -> C:\Programme\Mozilla Thunderbird\components [C:\PROGRAMME\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010.09.04 20:24:08 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins -> C:\PROGRAMME\MOZILLA THUNDERBIRD\PLUGINS -> < FireFox Extensions [User Folders] > -> -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\Extensions -> [2010.09.04 20:06:40 | 000,000,000 | ---D | M] No name found -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010.09.04 20:06:40 | 000,000,000 | ---D | M] -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\Firefox\Profiles\qcaul68r.default\extensions -> [2010.09.22 19:03:53 | 000,000,000 | ---D | M] CookieSafe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\Firefox\Profiles\qcaul68r.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} -> [2009.02.07 21:01:51 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Programme\Mozilla Firefox\extensions -> [2010.09.22 19:03:53 | 000,000,000 | ---D | M] Java Console -> C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010.09.04 19:16:29 | 000,000,000 | ---D | M] < HOSTS File > ([2010.09.03 19:05:08 | 000,000,027 | ---- | M | MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> Reset Hosts 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2004.12.14 09:56:50 | 000,063,136 | ---- | M | Unable to obtain MD5] (Adobe Systems Incorporated) {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Anmelde-Hilfsprogramm] -> [2009.01.22 16:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation) {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\Programme\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\Programme\Google\GoogleToolbar1.dll [&Google] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.) < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\Programme\Google\GoogleToolbar1.dll [&Google] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.) WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "avgnt" -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008.06.12 14:28:40 | 000,266,497 | ---- | M | MD5 = 6E812818306D460D62B4ABEA9FDC6679] (Avira GmbH) "HPBootOp" -> C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2005.11.10 02:29:16 | 000,249,856 | ---- | M | MD5 = 42DCC44CF5FA41100D7A5BE01D866180] (Hewlett-Packard Company) "HPHUPD08" -> c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe] -> [2005.06.02 08:35:56 | 000,049,152 | ---- | M | MD5 = 4F113169A2DE985D043A5530987AD6D0] (Hewlett-Packard) "Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005.07.22 23:14:00 | 000,237,568 | ---- | M | MD5 = F3EAEA279F09A7779C18793C87640794] () "SunJavaUpdateSched" -> C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe ["C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"] -> [2010.02.18 11:43:18 | 000,248,040 | ---- | M | MD5 = 52DB6CDAC5BC7A1FC884E97C41C91213] (Sun Microsystems, Inc.) "TkBellExe" -> C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe ["C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot] -> [2010.09.04 19:01:23 | 000,202,256 | ---- | M | MD5 = 9ACE8ECDB1EBC519F48AA65DE5875573] (RealNetworks, Inc.) < All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Action Manager 32.lnk -> C:\Programme\ScannerU\AM32.exe -> [2003.11.26 22:43:50 | 000,069,632 | ---- | M | MD5 = C4666FCCC6C5CA3293793BC46BC19347] () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk -> C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe -> [2004.06.04 12:53:00 | 000,327,680 | ---- | M | MD5 = DB9CE9C2FBBA95533D5CFEA24F06B456] () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office\OSA9.EXE -> [1999.02.17 23:05:56 | 000,065,588 | ---- | M | MD5 = 42C7AE295C038DCD406C38A535E33840] (Microsoft Corporation) < Default User Startup Folder > -> C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart -> < HP_Besitzer - alt Startup Folder > -> C:\Dokumente und Einstellungen\HP_Besitzer - alt\Startmenü\Programme\Autostart -> < HP_Besitzer.NAME-CD5FDA878D Startup Folder > -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmenü\Programme\Autostart -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmenü\Programme\Autostart\Secunia PSI.lnk -> C:\Programme\Secunia\PSI\psi.exe -> [2010.07.21 13:43:54 | 000,965,176 | ---- | M | MD5 = E838BE73C6946B39705A376BF821B3B5] (Secunia) < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"HonorAutoRunSetting" -> [1] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google-Suche -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.) &Ins Deutsche übersetzen -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.) Ähnliche Seiten -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.) Im Cache gespeicherte Seite -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.) Verweisseiten -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Hilfe zu Verbindungen] -> [2005.01.01 21:04:22 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] () {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Hilfe zu Verbindungen] -> [2005.01.01 21:04:22 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] () < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Hilfe zu Verbindungen] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Hilfe zu Verbindungen] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Hilfe zu Verbindungen] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> hxxp:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Java Plug-in 1.5.0_05] -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {74037B92-63E7-40CD-96A6-F0EF1D14DABA}\\DhcpNameServer -> 15.243.128.51 15.243.160.51 (Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC) -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E] (Microsoft Corporation) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2005.08.14 07:30:44 | 000,046,080 | ---- | M | MD5 = 92AF7C28C332C1AA1D9F1ED46CCEA7A2] (ATI Technologies Inc.) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "C:\Programme\Windows Live\Messenger\wlcsdk.exe" -> C:\Programme\Windows Live\Messenger\wlcsdk.exe [C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009.02.06 19:21:00 | 000,583,024 | ---- | M | MD5 = 385806015ADB90796A529201DBFF15A5] (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Programme\Windows Live\Sync\WindowsLiveSync.exe [C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009.07.26 13:05:30 | 001,169,224 | ---- | M | MD5 = F12BC57A34FA372F85FB1B6A2FE8C4A3] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe [C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005.05.11 05:34:02 | 000,151,635 | ---- | M | MD5 = 6D6C0F58E648BDADDB9B19C25D66C5A4] (Hewlett-Packard) "C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Programme\HP\Digital Imaging\bin\hpoews01.exe [C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2005.06.03 18:06:04 | 000,057,344 | ---- | M | MD5 = B7DA04642686A2CD6EEB98075FE30389] (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe [C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2005.06.03 17:50:00 | 000,225,280 | ---- | M | MD5 = E57907B5BE8A377202F20C1B112BCC92] (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Programme\HP\Digital Imaging\bin\hposfx08.exe [C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2005.06.03 17:50:14 | 000,040,960 | ---- | M | MD5 = 371745D60E48B22A4119187C42B030F3] (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hposid01.exe" -> C:\Programme\HP\Digital Imaging\bin\hposid01.exe [C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2005.06.03 17:45:46 | 000,081,920 | ---- | M | MD5 = 5D01C6843C5F863C915A0E168470A703] (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe [C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2005.06.03 18:12:34 | 000,172,032 | ---- | M | MD5 = 944705832CB725BE512AA0FC3D733A10] (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2005.06.03 17:51:06 | 000,458,752 | ---- | M | MD5 = 7C04BF2E66481DC21E47BB7EB6F34E0A] (Hewlett-Packard Co.) "C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2005.09.16 08:34:18 | 000,733,184 | ---- | M | MD5 = 5E92E63936FC6662D484C8F6D8D866E0] ( ) "C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2005.09.16 08:29:38 | 000,421,888 | ---- | M | MD5 = 6F92CFB9EA89EFA0F2E6FAA54C47B0FF] () "C:\Programme\Mozilla Firefox\firefox.exe" -> C:\Programme\Mozilla Firefox\firefox.exe [C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2010.09.19 17:03:31 | 000,910,296 | ---- | M | MD5 = A26898623D61508C2FA3F5672C11FA5D] (Mozilla Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" -> C:\Programme\Windows Live\Messenger\wlcsdk.exe [C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009.02.06 19:21:00 | 000,583,024 | ---- | M | MD5 = 385806015ADB90796A529201DBFF15A5] (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Programme\Windows Live\Sync\WindowsLiveSync.exe [C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009.07.26 13:05:30 | 001,169,224 | ---- | M | MD5 = F12BC57A34FA372F85FB1B6A2FE8C4A3] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM-Laufwerktreiber -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004.11.02 20:05:56 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] () D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001.07.27 15:07:38 | 000,000,000 | -HS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> [Registry - Additional Scans - Safe List] < ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> C:\Programme\Java\jre6\bin\regutils.dll [(default): Java (Sun); IsInstalled: 1] -> [2010.04.12 18:35:02 | 000,270,336 | ---- | M | MD5 = 82CD9719A11D9FEF7CA751DA31651158] (Sun Microsystems, Inc.) {10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error. [(default): Vektorgrafik-Rendering (VML); IsInstalled: 01 00 00 00 [binary data]] -> File not found {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] -> [ComponentID: NetShow; IsInstalled: 1] -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> {283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation; IsInstalled: 1] -> File not found {2A3320D6-C805-4280-B423-B665BDE33D8F} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Security Update (KB979906); IsInstalled: 1] -> File not found {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> {36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML-Datenbindung für Java; IsInstalled: 1] -> File not found {3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found {3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Uniscribe; IsInstalled: 1] -> File not found {411EDCF7-755D-414E-A74B-3DCD6583F589} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Service Pack 1 (KB867460); IsInstalled: 1] -> File not found {4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Erweitertes Authoring; IsInstalled: 1] -> File not found {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00 [binary data]] -> {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(default): DirectShow; IsInstalled: 1] -> File not found {44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found {45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found {4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation Java Classes; IsInstalled: 1] -> File not found {4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.8; IsInstalled: 1] -> File not found {5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] -> {5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [ComponentID: ICW; IsInstalled: 1] -> File not found {5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found {6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> {6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found {7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Adressbuch 6; IsInstalled: 1] -> {89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop-Update; IsInstalled: 1] -> {89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> {8b15971b-5355-4c82-8c07-7e181ea07608} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser [(default): Fax; IsInstalled: 1] -> {9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found {94de52c8-2d59-4f1b-883e-79663d2d9a8c} [StubPath] -> [(default): Fax Provider; IsInstalled: 1] -> {C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found {CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [(default): Taskplaner; IsInstalled: 1] -> File not found {CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Key error. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00 [binary data]] -> File not found {D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash.ocx [(default): Macromedia Shockwave Flash; IsInstalled: 01 00 00 00 [binary data]] -> [2003.12.08 22:01:58 | 000,933,888 | ---- | M | MD5 = F7E435D02F7A48120B746E33254A70BC] (Macromedia, Inc.) {de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found {E78BFA60-5393-4C38-82AB-E8019E464EB4} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found {E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00 [binary data]] -> File not found <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): Versions-Update für Internet Explorer; IsInstalled: 1] -> >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] -> >{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 1] -> < ActiveX StubPath [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found < ActiveX StubPath [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found < ActiveX StubPath [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found < ActiveX StubPath [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found < ActiveX StubPath [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {8b15971b-5355-4c82-8c07-7e181ea07608} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found {94de52c8-2d59-4f1b-883e-79663d2d9a8c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found >{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found >{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found InitiallyClear [HKLM] -> Reg Error: Key error. [(no name)] -> File not found < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 7zFM.exe -> C:\Programme\7-Zip\7zFM.exe [C:\Programme\7-Zip\7zFM.exe] -> [2010.03.15 09:46:04 | 000,418,304 | ---- | M | MD5 = 880FBB9AD66CE0EF53D1DCD52060F284] (Igor Pavlov) AcroRd32.exe -> C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe [C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe] -> [2004.12.14 12:44:30 | 000,065,536 | ---- | M | MD5 = 1412A6785B953D99A2A83A1ED706ACE8] (Adobe Systems Incorporated) bckgzm.exe -> C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe [C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe] -> [2004.08.04 06:00:00 | 000,042,577 | ---- | M | MD5 = 201CA5901895B439557C945A73F213FD] (Microsoft Corporation) ccleaner.exe -> C:\Programme\CCleaner\CCleaner.exe [C:\Programme\CCleaner\ccleaner.exe] -> [2010.08.26 21:23:34 | 001,779,512 | ---- | M | MD5 = D85E2174F92F4198451563B714CBB361] (Piriform Ltd) chkrzm.exe -> C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe [C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe] -> [2004.08.04 06:00:00 | 000,042,575 | ---- | M | MD5 = 5CB19E77D8D7EDE3F803B52D3C8CDE16] (Microsoft Corporation) combofix.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe [C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe] -> [2010.09.20 22:40:41 | 003,847,603 | R--- | M | MD5 = 3260BA081B03BF08B4A26F159CB9BC91] () CONF.EXE -> C:\Programme\NetMeeting\conf.exe [C:\Programme\NetMeeting\conf.exe] -> [2008.04.14 04:22:39 | 001,040,384 | ---- | M | MD5 = D52FA0554CC9A767299710BBE7454A35] (Microsoft Corporation) dialer.exe -> C:\Programme\Windows NT\dialer.exe [C:\Programme\Windows NT\dialer.exe] -> [2008.04.14 04:22:42 | 000,545,280 | ---- | M | MD5 = 32540B63C37A6592E0FEB8AE598154A7] (Microsoft Corporation) DVDPlay.exe -> C:\Programme\HP\DVDPlay\DVDPlay.exe [C:\Programme\HP\DVDPlay\DVDPlay.exe] -> [2006.01.02 21:26:20 | 000,057,344 | ---- | M | MD5 = F7DC4D27716543BA0FC4B65E2CCA9DB4] (CyberLink Corp.) Excel.exe -> C:\Programme\Microsoft Office\Office\EXCEL.EXE [C:\PROGRA~1\MICROS~3\Office\EXCEL.EXE] -> [1999.03.21 02:54:56 | 007,151,661 | R--- | M | MD5 = 3EE0A49D97B1EF4F5EEDA3EE744DD943] (Microsoft Corporation) frontpg.exe -> C:\Programme\Microsoft Office\Office\FRONTPG.EXE [C:\PROGRA~1\MICROS~3\Office\FRONTPG.EXE] -> [1999.03.20 08:06:38 | 001,990,730 | R--- | M | MD5 = CC53621D56155E5F3FDF6D3694DCEA36] (Microsoft Corporation) HELPCTR.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [%Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2008.04.14 04:22:47 | 000,769,024 | ---- | M | MD5 = B63C804F5777FB0694D083F321ED6071] (Microsoft Corporation) HpqApkil.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe [c:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe] -> [2005.09.16 08:33:56 | 000,049,664 | ---- | M | MD5 = FCA335BF8AE66C76E2F6F453C9AE4F66] () HpqDIA.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe [c:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe] -> [2005.09.16 08:34:18 | 000,733,184 | ---- | M | MD5 = 5E92E63936FC6662D484C8F6D8D866E0] ( ) HpqDIAS.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqDIAS.exe [c:\Programme\HP\Digital Imaging\Unload\HpqDIAS.exe] -> [2005.09.16 08:34:18 | 000,339,968 | ---- | M | MD5 = BAAF254642ECADBE0031C3605DE8079F] ( ) hpqimzone.exe -> c:\Programme\HP\Digital Imaging\bin\hpqimzone.exe [c:\Programme\HP\Digital Imaging\bin\hpqimzone.exe] -> [2005.09.24 08:42:32 | 000,475,136 | ---- | M | MD5 = 6C56CF33C2C6236A1162FDFC0BECD042] (Hewlett-Packard Development Company, L.P.) HpqPhUnl.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe [c:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe] -> [2005.09.16 08:29:38 | 000,421,888 | ---- | M | MD5 = 6F92CFB9EA89EFA0F2E6FAA54C47B0FF] () HpqPSmon.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe [c:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe] -> [2005.09.16 08:34:18 | 000,114,688 | ---- | M | MD5 = 739062F4603EC965403F5A9F201EAEFF] () hpqthb08.exe -> c:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [c:\Programme\HP\Digital Imaging\bin\hpqthb08.exe] -> [2005.09.24 09:39:30 | 000,073,728 | ---- | M | MD5 = B2DDFF1F7FF31E8103DC221772353417] (Hewlett-Packard Development Company, L.P.) HpqUnSet.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe [c:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe] -> [2005.09.16 08:29:38 | 000,057,344 | ---- | M | MD5 = E30D5B7E0C707E385CC706946B629825] (TODO: <Company name>) hpquph.exe -> c:\Programme\HP\Digital Imaging\bin\hpquph.exe [c:\Programme\HP\Digital Imaging\bin\hpquph.exe] -> [2005.09.24 08:43:04 | 000,024,576 | ---- | M | MD5 = 51F697C62C238B123A5B4D1110E828CD] (Hewlett-Packard Development Company, L.P.) hpqvpswp.exe -> c:\Programme\HP\Digital Imaging\bin\hpqvpswp.exe [c:\Programme\HP\Digital Imaging\bin\hpqvpswp.exe] -> [2005.09.19 17:21:06 | 000,204,800 | ---- | M | MD5 = BC08FB2BA355559D463F3DA9FF5604E5] (Hewlett-Packard) HPSdpApp.exe -> C:\Programme\Hewlett-Packard\SDP\HPSdpApp.exe [C:\Programme\Hewlett-Packard\SDP\HPSdpApp.exe] -> [2005.09.08 20:23:00 | 000,843,858 | ---- | M | MD5 = A81EC81450D5176701D804F235483F31] (Hewlett-Packard) hrtzzm.exe -> C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2004.08.04 06:00:00 | 000,042,573 | ---- | M | MD5 = 3889F32864A1BCB40B52BAB8DAE7CD79] (Microsoft Corporation) hypertrm.exe -> C:\Programme\Windows NT\hypertrm.exe ["C:\Programme\Windows NT\hypertrm.exe"] -> [2004.08.04 06:00:00 | 000,028,160 | ---- | M | MD5 = 8430D122A2889AEF9F2783B70A1312F0] (Hilgraeve, Inc.) ICWCONN1.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2008.04.14 04:22:48 | 000,218,624 | ---- | M | MD5 = 2E7A34FE32391BE7E355CF2112CBFDA2] (Microsoft Corporation) ICWCONN2.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2008.04.14 04:22:48 | 000,086,016 | ---- | M | MD5 = BF8908D9736640CD2B568C360AABAAAD] (Microsoft Corporation) INETWIZ.EXE -> C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE ["C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2008.04.14 04:22:49 | 000,020,480 | ---- | M | MD5 = B0C09CCBD188660FBEC6780638F7D430] (Microsoft Corporation) install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found ISIGNUP.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2004.08.04 06:00:00 | 000,016,384 | ---- | M | MD5 = F692F7AAA0A5C08D7C86E9EB799D4FE8] (Microsoft Corporation) ISPSignup.exe -> C:\Programme\Hewlett-Packard\SDP\BTBHost.exe [C:\Programme\Hewlett-Packard\SDP\BTBHost.exe] -> [2005.09.21 19:48:10 | 000,077,824 | ---- | M | MD5 = B272D7A9DC2C6FAC48FC4F97D7A1E0C8] (Hewlett Packard) javaws.exe -> C:\Programme\Java\jre6\bin\javaws.exe [C:\Programme\Java\jre6\bin\javaws.exe] -> [2010.09.04 19:16:12 | 000,153,376 | ---- | M | MD5 = 9D452D6B1ED99F88C327349A644EB3A2] (Sun Microsystems, Inc.) mbam.exe -> C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [C:\Programme\Malwarebytes' Anti-Malware\mbam.exe] -> [2010.04.29 12:19:18 | 001,090,952 | ---- | M | MD5 = 47EA3CF0F509480554A058C6D7641ED0] (Malwarebytes Corporation) MediaHub.exe -> c:\Programme\Gemeinsame Dateien\Sonic Shared\Sonic Central\Main\Mediahub.exe [c:\Programme\Gemeinsame Dateien\Sonic Shared\Sonic Central\Main\Mediahub.exe] -> [2005.10.17 10:04:00 | 002,310,144 | ---- | M | MD5 = BE363FBE5177ED629E5A8A5932AC0DCE] () migwiz.exe -> C:\WINDOWS\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2008.04.14 04:22:51 | 000,252,416 | ---- | M | MD5 = A85632ECE7174A730217BEA3B18FAE76] (Microsoft Corporation) moviemk.exe -> C:\Programme\Movie Maker\moviemk.exe [C:\Programme\Movie Maker\moviemk.exe] -> [2010.06.18 15:36:12 | 003,558,912 | ---- | M | MD5 = B66621D7360044D3645C0AC059CF60B2] (Microsoft Corporation) mplayer2.exe -> C:\Programme\Windows Media Player\mplayer2.exe ["C:\Programme\Windows Media Player\mplayer2.exe"] -> [2008.04.14 04:22:53 | 000,004,639 | ---- | M | MD5 = 74454AD03540B9E8B9C39563A4F10FB7] (Microsoft Corporation) MSACCESS.EXE -> C:\Programme\Microsoft Office\Office\MSACCESS.EXE [C:\PROGRA~1\MICROS~3\Office\MSACCESS.EXE] -> [1999.03.21 02:50:40 | 004,677,686 | R--- | M | MD5 = 17F05C1F4AA034497111C5CFD6191B7C] (Microsoft Corporation) MSCONFIG.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [%systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE] -> [2008.04.14 04:22:53 | 000,172,544 | ---- | M | MD5 = 07224089294758E956FA1DBCBF51B801] (Microsoft Corporation) msimn.exe -> C:\Programme\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2008.04.14 04:22:53 | 000,060,416 | ---- | M | MD5 = 426DC783E4E718B9F38A4C31436154FA] (Microsoft Corporation) msinfo32.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\msinfo32.exe [C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2004.08.04 06:00:00 | 000,040,448 | ---- | M | MD5 = 7A4FB4C5ABEB89628D69AEC1BFD68449] (Microsoft Corporation) MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found msworks.exe -> c:\Programme\Microsoft Works\MSWorks.exe [c:\Programme\Microsoft Works\msworks.exe] -> [2004.07.28 16:03:34 | 000,532,480 | ---- | M | MD5 = 1C7C474A0710CA9063B5253EDCD2A204] (Microsoft® Corporation) MyDVD.exe -> c:\Programme\Sonic\MyDVD\MyDVD.EXE [c:\Programme\Sonic\MyDVD\MyDVD.EXE] -> [2005.12.09 14:14:00 | 023,818,240 | ---- | M | MD5 = 510B58ED005DF058DC41DA3DD1E2A866] (Sonic Solutions) OUTLOOK.EXE -> C:\Programme\Microsoft Office\Office\OUTLOOK.EXE [C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE] -> [1998.12.17 00:09:20 | 000,057,393 | R--- | M | MD5 = F8604A5042F145364A214B4A7DAF1D94] (Microsoft Corporation) pbrush.exe -> C:\WINDOWS\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2009.12.17 09:40:01 | 000,346,624 | ---- | M | MD5 = 8B9D6800D0CAC42132CD1573A13CFE7B] (Microsoft Corporation) pcdr5cuiw32.exe -> C:\Programme\PC-Doctor 5 for Windows\pcdr5cuiw32.exe [C:\Programme\PC-Doctor 5 for Windows\pcdr5cuiw32.exe] -> [2005.11.19 11:01:14 | 016,677,888 | ---- | M | MD5 = 81773630D3408A763B3CE982A6084769] () PictureViewer.exe -> C:\Programme\QuickTime\PictureViewer.exe [C:\Programme\QuickTime\PictureViewer.exe] -> [2010.08.10 05:15:50 | 000,557,056 | ---- | M | MD5 = 221AB0EADA3913C0CF5C6B04031F64BF] (Apple Inc.) pinball.exe -> C:\Programme\Windows NT\Pinball\pinball.exe [C:\Programme\Windows NT\Pinball\pinball.exe] -> [2008.04.14 04:22:57 | 000,282,624 | ---- | M | MD5 = 97738A3B0AC3CD5C52BB350CBEEC2F23] (Cinematronics) PowerPnt.exe -> C:\Programme\Microsoft Office\Office\POWERPNT.EXE [C:\PROGRA~1\MICROS~3\Office\POWERPNT.EXE] -> [1999.03.17 06:41:22 | 004,325,428 | R--- | M | MD5 = 90C4974BBC3C08EB3560CD806B36756C] () Python.exe -> C:\Python22\python.exe [C:\Python22\Python.exe] -> [2003.05.31 02:13:56 | 000,020,526 | ---- | M | MD5 = 463004315F9915A4C7FB49B811D30DBC] () QuickTimePlayer.exe -> C:\Programme\QuickTime\QuickTimePlayer.exe [C:\Programme\QuickTime\QuickTimePlayer.exe] -> [2010.08.10 05:34:20 | 001,234,224 | ---- | M | MD5 = 52AD7369AEDC888F3546A6F05ED206E2] (Apple Inc.) RealConverter.exe -> c:\Programme\Real\RealPlayer\converter\RealConverter.exe [c:\programme\real\realplayer\converter\RealConverter.exe] -> [2010.09.04 19:01:46 | 000,378,376 | ---- | M | MD5 = F9C9BE5D11BFEBA34DADFFEC38B0AA29] (RealNetworks, Inc.) RealPlay.exe -> c:\Programme\Real\RealPlayer\realplay.exe [c:\programme\real\realplayer\realplay.exe] -> [2010.09.04 19:01:25 | 000,488,968 | ---- | M | MD5 = A28269B85A0E006E02CB1144F99921A2] (RealNetworks, Inc.) RealUpgrade.exe -> C:\Programme\Real\RealUpgrade\realupgrade.exe [C:\Programme\Real\RealUpgrade\RealUpgrade.exe] -> [2010.06.03 03:02:42 | 000,173,576 | ---- | M | MD5 = 2C1A1F91D3288E7C02B584C2553967B6] (RealNetworks, Inc.) rnxproc.exe -> C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnxproc.exe [C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnxproc.exe] -> [2010.09.04 19:01:23 | 000,058,920 | ---- | M | MD5 = 9C4CC66BA41BD0DA4197C2E996EDBF7A] (RealNetworks, Inc.) rvsezm.exe -> C:\Programme\MSN Gaming Zone\Windows\Rvsezm.exe [C:\Programme\MSN Gaming Zone\Windows\rvsezm.exe] -> [2004.08.04 06:00:00 | 000,042,574 | ---- | M | MD5 = 155494D43CEDCCF40760ACB148A303E3] (Microsoft Corporation) shvlzm.exe -> C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe [C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe] -> [2004.08.04 06:00:00 | 000,042,573 | ---- | M | MD5 = 0C06802AE1870C4143021803079FCC99] (Microsoft Corporation) SLOW-PCfighter.exe -> C:\Programme\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [C:\Programme\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe] -> [2010.07.27 11:01:02 | 011,537,032 | ---- | M | MD5 = 643BEC626C85E568F93ADA80DF30C514] (SLOW-PCfighter) table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found thunderbird.exe -> C:\Programme\Mozilla Thunderbird\thunderbird.exe [C:\Programme\Mozilla Thunderbird\thunderbird.exe] -> [2010.09.04 20:24:06 | 012,746,928 | ---- | M | MD5 = 21AF0248F9927B64F851DF31B2EC2BF9] (Mozilla Messaging) Unlocker.exe -> C:\Programme\Unlocker\Unlocker.exe [C:\Programme\Unlocker\Unlocker.exe] -> [2010.07.04 23:48:58 | 000,094,208 | ---- | M | MD5 = 51DFAF518ABE1B24AA409CEF12D7D0AB] () wab.exe -> C:\Programme\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2008.04.14 04:23:04 | 000,046,080 | ---- | M | MD5 = 72AD946DD359A5E3C69B90205007230B] (Microsoft Corporation) wabmig.exe -> C:\Programme\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008.04.14 04:23:04 | 000,030,208 | ---- | M | MD5 = 06526C5E456F78B90593CEC8D4C955E8] (Microsoft Corporation) winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found Winword.exe -> C:\Programme\Microsoft Office\Office\WINWORD.EXE [C:\PROGRA~1\MICROS~3\Office\WINWORD.EXE] -> [1999.04.23 23:45:44 | 008,441,907 | R--- | M | MD5 = 5B7CDCCA708BB61874AC3C51DA441D61] (Microsoft Corporation) WKPLMSTP.EXE -> c:\Programme\Microsoft Works\wkplmstp.exe [c:\Programme\Microsoft Works\wkplmstp.exe] -> [2004.07.28 17:03:36 | 000,033,792 | ---- | M | MD5 = 2EFC1AE6CB938181222926BE0D588AE3] (Microsoft Corporation) WKSAB.EXE -> c:\Programme\Microsoft Works\wksab.exe [c:\Programme\Microsoft Works\WKSAB.exe] -> [2004.07.12 02:55:26 | 000,006,656 | ---- | M | MD5 = 39644500D64078304B74607F5309CA3D] (Microsoft® Corporation) wkscal.exe -> c:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WksCal.exe [c:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkscal.exe] -> [2004.07.28 17:03:38 | 000,110,592 | ---- | M | MD5 = B2066A9161452D43EB479793DE65E22E] (Microsoft® Corporation) wksdb.exe -> c:\Programme\Microsoft Works\wksdb.exe [c:\Programme\Microsoft Works\wksdb.exe] -> [2004.07.28 16:03:40 | 002,240,512 | ---- | M | MD5 = 97462D0EAA36ACF4C64A9E05E0A54687] (Microsoft® Corporation) WKSSB.EXE -> c:\Programme\Microsoft Works\WksSb.exe [c:\Programme\Microsoft Works\WKSSB.exe] -> [2004.07.12 03:56:38 | 000,729,088 | ---- | M | MD5 = C4CC90AFA55E1101DC1CFEB54B9CA3AB] (Microsoft® Corporation) wksss.exe -> c:\Programme\Microsoft Works\wksss.exe [c:\Programme\Microsoft Works\wksss.exe] -> [2004.07.28 16:03:42 | 001,892,352 | ---- | M | MD5 = 51CEC8718639850EBED3426D2DCCE707] (Microsoft® Corporation) wkswp.exe -> c:\Programme\Microsoft Works\WksWP.exe [c:\Programme\Microsoft Works\wkswp.exe] -> [2004.07.28 16:03:42 | 000,114,688 | ---- | M | MD5 = 253992DF9179AD3B3C9A01C728447DFB] (Microsoft® Corporation) WKWCESTP.EXE -> c:\Programme\Microsoft Works\wkwcestp.exe [c:\Programme\Microsoft Works\wkwcestp.exe] -> [2004.07.28 17:03:44 | 000,031,232 | ---- | M | MD5 = 369DCEFB68C2145B6A60BC1CF1D95696] () wlmail.exe -> C:\Programme\Windows Live\Mail\wlmail.exe [C:\Programme\Windows Live\Mail\wlmail.exe] -> [2009.07.26 17:44:14 | 000,112,464 | ---- | M | MD5 = CC9D6AC0B725CBA911E267F79660D15B] (Microsoft Corporation) wmplayer.exe -> C:\Programme\Windows Media Player\wmplayer.exe [C:\Programme\Windows Media Player\wmplayer.exe] -> [2006.11.03 09:56:14 | 000,064,000 | ---- | M | MD5 = 3F65D5D0A00427D19B2D1461580E2777] (Microsoft Corporation) WRITE.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21 23:13:26 | 000,217,600 | ---- | M | MD5 = A03F64E664CDD7D51F75321FF32D7B92] (Microsoft Corporation) < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> "{0006F045-0000-0000-C000-000000000046}" [HKLM] -> C:\Programme\Microsoft Office\Office\OLKFSTUB.DLL [Microsoft Outlook Custom Icon Handler] -> [1999.03.16 21:16:28 | 000,049,202 | ---- | M | MD5 = 00A119F4709CF5C63D4A26EB33E7C99F] (Microsoft Corporation) "{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe [Windows Live Photo Gallery Viewer Drop Target] -> [2009.07.10 14:10:44 | 000,138,096 | ---- | M | MD5 = 3A4408F110F64AFD5F4DCF45F55255D7] (Microsoft Corporation) "{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll [Windows Live Photo Gallery Autoplay Drop Target Shim] -> [2009.07.10 13:12:10 | 000,042,856 | ---- | M | MD5 = E6DF03D0274F72F42DCABB87821F869C] (Microsoft Corporation) "{00F33137-EE26-412F-8D71-F84E4C2C6625}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll [] -> [2009.07.10 13:12:10 | 000,042,856 | ---- | M | MD5 = E6DF03D0274F72F42DCABB87821F869C] (Microsoft Corporation) "{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll [Windows Live Photo Gallery Viewer Drop Target Shim] -> [2009.07.10 13:12:10 | 000,042,856 | ---- | M | MD5 = E6DF03D0274F72F42DCABB87821F869C] (Microsoft Corporation) "{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll [Windows Live Photo Gallery Editor Drop Target Shim] -> [2009.07.10 13:12:10 | 000,042,856 | ---- | M | MD5 = E6DF03D0274F72F42DCABB87821F869C] (Microsoft Corporation) "{00F374B7-B390-4884-B372-2FC349F2172B}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe [Windows Live Photo Gallery Editor Drop Target] -> [2009.07.10 14:10:44 | 000,138,096 | ---- | M | MD5 = 3A4408F110F64AFD5F4DCF45F55255D7] (Microsoft Corporation) "{0563DB41-F538-4B37-A92D-4659049B7766}" [HKLM] -> C:\Programme\Windows Live\Mail\mailcomm.dll [WLMD Message Handler] -> [2009.07.26 17:44:48 | 000,789,824 | ---- | M | MD5 = 021E1FA87DAB47ACE09F900B00074774] (Microsoft Corporation) "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [] -> [2009.07.10 13:12:00 | 000,230,256 | ---- | M | MD5 = 08BABBC59A813C24A4815ECD8DF881DF] (Microsoft Corporation) "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll [Microsoft Datenverknüpfung] -> [2008.04.14 04:22:23 | 000,487,424 | ---- | M | MD5 = 56330321BEF8767D8E952886EFD854E0] (Microsoft Corporation) "{23170F69-40C1-278A-1000-000100020000}" [HKLM] -> C:\Programme\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [2010.03.15 09:45:30 | 000,054,784 | ---- | M | MD5 = 8F06CD13B068E47B8DFA6C71E17F14AF] (Igor Pavlov) "{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe [Windows Live Photo Gallery Autoplay Drop Target] -> [2009.07.10 14:10:44 | 000,138,096 | ---- | M | MD5 = 3A4408F110F64AFD5F4DCF45F55255D7] (Microsoft Corporation) "{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Programme\Outlook Express\wabfind.dll [&Nach Personen...] -> [2008.04.14 04:22:32 | 000,032,768 | ---- | M | MD5 = 77CD31AAC4A19DC893E613893DB9AA91] (Microsoft Corporation) "{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] -> [CPL-Erweiterung für Anzeigeverschiebung] -> File not found "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll [Shell Extension for Malware scanning] -> [2008.06.12 14:48:37 | 000,065,793 | ---- | M | MD5 = 09B3D3F6AD9744417574676E5A2836EE] (Avira GmbH) "{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error. [Shellerweiterungen für die Dateikomprimierung] -> File not found "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" [HKLM] -> C:\WINDOWS\system32\ShellvRTF.dll [ShellViewRTF] -> [2005.06.03 23:29:30 | 000,237,568 | ---- | M | MD5 = B309190CEDF4A4E60865787DDE826901] (XSS) "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error. [Kontextmenü für die Verschlüsselung] -> File not found "{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> C:\WINDOWS\system32\hticons.dll [Erweiterung für HyperTerminal-Icons] -> [2004.08.04 06:00:00 | 000,044,544 | ---- | M | MD5 = A0273EDC903D503BE8747A1DB6928879] (Hilgraeve, Inc.) "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" [HKLM] -> C:\Programme\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [2010.07.04 23:32:38 | 000,010,752 | ---- | M | MD5 = 49B6AF547ED4BA1FB07BF6F384FDA841] () "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" [HKLM] -> c:\Programme\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> [2010.09.04 19:01:59 | 000,063,016 | ---- | M | MD5 = 0740ABDF0265BA0260D52FE88DCB9067] (RealNetworks, Inc.) < Approved Shell Extensions [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ -> {BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Webordner] -> [2001.05.19 22:57:40 | 000,561,209 | ---- | M | MD5 = 69F2733298C69CBE2AB585D245659A9B] () < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008.04.14 04:23:07 | 000,199,680 | ---- | M | MD5 = 793600E335B7D7936FCBE9EB38BA3E0B] (Intel Corporation) "msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010.01.29 16:43:35 | 000,307,260 | ---- | M | MD5 = BBD34DCBCEC28E415F634E03C0AB4DF4] (Fraunhofer Institut Integrierte Schaltungen IIS) "msacm.siren" -> C:\WINDOWS\System32\sirenacm.dll [sirenacm.dll] -> [2009.07.26 17:44:56 | 000,048,448 | ---- | M | MD5 = CF1C4265A73D50A1CE97FD308CE1AFC9] (Microsoft Corporation) "msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008.04.14 04:21:29 | 000,086,016 | ---- | M | MD5 = 07C878A1F49E5BD6677366664F68561D] (Sipro Lab Telecom Inc.) "msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004.08.04 06:00:00 | 000,008,192 | ---- | M | MD5 = E5BECBCCE3AC3E8D594FCBE9A0338DF5] (DSP GROUP, INC.) "vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010.06.17 16:03:00 | 000,080,384 | ---- | M | MD5 = 4D3B436B8AD9947F902D40C5688BC3CD] (Radius Inc.) "vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004.08.04 06:00:00 | 000,199,168 | ---- | M | MD5 = CF159355DE2C8B4633172353CC22ED89] () "vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004.08.04 06:00:00 | 000,199,168 | ---- | M | MD5 = CF159355DE2C8B4633172353CC22ED89] () "vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008.04.14 04:23:07 | 000,848,384 | ---- | M | MD5 = CADC53118EA7B95D1EA7EBB068871689] (Intel Corporation) "vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008.04.14 04:22:12 | 000,755,200 | ---- | M | MD5 = E92343AC6AA48A062FE970FA9E5CCF23] (Intel Corporation) "vidc.LEAD" -> C:\WINDOWS\System32\LCodcCMP.dll [LCODCCMP.DLL] -> [2002.04.24 20:42:18 | 000,364,544 | ---- | M | MD5 = 021C3E651ACDB0C71498259C208FCCAC] (LEAD Technologies, Inc.) < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> 6to4 -> -> File not found AppMgmt -> C:\WINDOWS\System32\appmgmts.dll -> File not found Ias -> -> File not found Iprip -> -> File not found Irmon -> -> File not found NWCWorkstation -> -> File not found Nwsapagent -> -> File not found Wmi -> C:\WINDOWS\System32\wmi.dll -> [2008.04.14 04:21:45 | 000,005,632 | ---- | M | MD5 = 43AD9160D7AF6E7EAD00B485EBBAB6A5] (Microsoft Corporation) WmdmPmSp -> -> File not found *MultiFile Done* -> -> [Files/Folders - Created Within 30 Days] xmldm -> C:\WINDOWS\System32\xmldm -> [2010.09.22 21:12:08 | 000,000,000 | ---D | C] OTS.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTS.exe -> [2010.09.22 20:54:15 | 000,641,536 | ---- | C | MD5 = 9A719DC92BA73362621B65ABE6B0289D] (OldTimer Tools) Recent -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Recent -> [2010.09.21 19:36:26 | 000,000,000 | RH-D | C] RECYCLER -> C:\RECYCLER -> [2010.09.21 19:30:36 | 000,000,000 | -HSD | C] remover.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\remover.exe -> [2010.09.16 19:45:13 | 000,083,968 | ---- | C | MD5 = FFD9CEF70883E655ED1913CFC5C97C44] (eSage Lab) 7-Zip -> C:\Programme\7-Zip -> [2010.09.12 16:59:47 | 000,000,000 | ---D | C] Apple Computer -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Apple Computer -> [2010.09.05 18:06:34 | 000,000,000 | ---D | C] AVZ -> C:\AVZ -> [2010.09.05 17:47:20 | 000,000,000 | ---D | C] TDSSKiller.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\TDSSKiller.exe -> [2010.09.05 16:42:34 | 001,286,232 | ---- | C | MD5 = 5A692AC2F0D4B8FF73FC961F45CC9525] (Kaspersky Lab ZAO) Secunia -> C:\Programme\Secunia -> [2010.09.04 19:41:53 | 000,000,000 | ---D | C] Sun -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun -> [2010.09.04 19:16:46 | 000,000,000 | ---D | C] deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010.09.04 19:16:27 | 000,411,368 | ---- | C | MD5 = B8F7C6CA5F8E97249853DBE1DADD1FBC] (Sun Microsystems, Inc.) javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010.09.04 19:16:27 | 000,153,376 | ---- | C | MD5 = 9D452D6B1ED99F88C327349A644EB3A2] (Sun Microsystems, Inc.) javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010.09.04 19:16:27 | 000,145,184 | ---- | C | MD5 = 4E8CC8BDEBED5AD93539612D4D316FDF] (Sun Microsystems, Inc.) java.exe -> C:\WINDOWS\System32\java.exe -> [2010.09.04 19:16:27 | 000,145,184 | ---- | C | MD5 = 43F7CA0473BB0FC9DD44ECF328B8D1FA] (Sun Microsystems, Inc.) javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010.09.04 19:16:27 | 000,073,728 | ---- | C | MD5 = 9DCF2BC541E53345C89F62C1A4621486] (Sun Microsystems, Inc.) rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2010.09.04 19:02:06 | 000,185,920 | ---- | C | MD5 = 1943C53C625732DEEC2A798CC619EC08] (RealNetworks, Inc.) pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2010.09.04 19:01:57 | 000,006,656 | ---- | C | MD5 = 33833B3EDA1B07EBD367FA9B38B23E60] (RealNetworks, Inc.) pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2010.09.04 19:01:57 | 000,005,632 | ---- | C | MD5 = B74E422BC81236042529DC8A42A18423] (RealNetworks, Inc.) xing shared -> C:\Programme\Gemeinsame Dateien\xing shared -> [2010.09.04 19:01:48 | 000,000,000 | ---D | C] Real -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real -> [2010.09.04 19:00:46 | 000,000,000 | ---D | C] Apple -> C:\Programme\Gemeinsame Dateien\Apple -> [2010.09.04 18:51:03 | 000,000,000 | ---D | C] Apple -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Apple -> [2010.09.04 18:50:46 | 000,000,000 | ---D | C] Apple Computer -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Apple Computer -> [2010.09.04 18:49:51 | 000,000,000 | ---D | C] CCleaner -> C:\Programme\CCleaner -> [2010.09.04 18:19:47 | 000,000,000 | ---D | C] OTL.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTL.exe -> [2010.08.31 23:41:20 | 000,574,976 | ---- | C | MD5 = 8C3A7CAD1EFAF032734509A37A0C9022] (OldTimer Tools) SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010.08.30 22:59:21 | 000,212,480 | ---- | C | MD5 = B1A9CF0B6F80611D31987C247EC630B4] (SteelWerX) SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010.08.30 22:59:21 | 000,161,792 | ---- | C | MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B] (SteelWerX) SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010.08.30 22:59:21 | 000,136,704 | ---- | C | MD5 = B7517DB073B28F5696A1E5528ABEB5D0] (SteelWerX) NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010.08.30 22:59:21 | 000,031,232 | ---- | C | MD5 = AE72E8619CB31D84DA25E2435E55003C] (NirSoft) ERDNT -> C:\WINDOWS\ERDNT -> [2010.08.30 22:59:15 | 000,000,000 | ---D | C] Combo-Fix -> C:\Combo-Fix -> [2010.08.30 22:59:13 | 000,000,000 | ---D | C] Qoobox -> C:\Qoobox -> [2010.08.30 22:58:30 | 000,000,000 | ---D | C] Malwarebytes -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes -> [2010.08.29 20:11:09 | 000,000,000 | ---D | C] mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010.08.29 20:10:52 | 000,038,224 | ---- | C | MD5 = 7364D8A830F91C487F430A57FDBD2BBB] (Malwarebytes Corporation) Malwarebytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes -> [2010.08.29 20:10:49 | 000,000,000 | ---D | C] mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010.08.29 20:10:48 | 000,020,952 | ---- | C | MD5 = A02C631493AB553A1112A6B699FE61B3] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> C:\Programme\Malwarebytes' Anti-Malware -> [2010.08.29 20:10:48 | 000,000,000 | ---D | C] RandFont.dll -> C:\WINDOWS\Fonts\RandFont.dll -> [2005.09.24 08:49:16 | 000,012,288 | ---- | C | MD5 = BCE1F66D076ACBBB7D67DDA6656ECF06] (Hewlett-Packard Development Company, L.P.) 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files/Folders - Modified Within 30 Days] hpsysdrv.dat -> C:\WINDOWS\System\hpsysdrv.dat -> [2010.09.22 21:13:56 | 000,000,248 | ---- | M | MD5 = A8A0FA4227DBF6432A73F308EA22F10C] () RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> [2010.09.22 21:09:39 | 000,000,282 | ---- | M | MD5 = 43593C5F784877D5240DA821E1584A71] () SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010.09.22 21:09:30 | 000,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] () bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010.09.22 21:09:29 | 000,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] () hiberfil.sys -> C:\hiberfil.sys -> [2010.09.22 21:09:26 | 468,242,432 | -HS- | M | Unable to obtain MD5] () NTUSER.DAT -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\NTUSER.DAT -> [2010.09.22 21:08:31 | 004,194,304 | -H-- | M | Unable to obtain MD5] () ntuser.ini -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\ntuser.ini -> [2010.09.22 21:08:31 | 000,000,190 | -HS- | M | MD5 = 3437668D99DBC2C3B952F11649E2AD49] () OTS.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTS.exe -> [2010.09.22 20:54:30 | 000,641,536 | ---- | M | MD5 = 9A719DC92BA73362621B65ABE6B0289D] (OldTimer Tools) DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010.09.21 21:02:56 | 000,084,480 | ---- | M | MD5 = 63F9DC8DDA58E88968A3E85531AD4E83] () system.ini -> C:\WINDOWS\system.ini -> [2010.09.20 22:57:04 | 000,000,227 | ---- | M | MD5 = C9DD76D0EF94637C77FF8CA5E0FB0684] () Combo-Fix.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe -> [2010.09.20 22:40:41 | 003,847,603 | R--- | M | MD5 = 3260BA081B03BF08B4A26F159CB9BC91] () avenger.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\avenger.exe -> [2010.09.19 22:10:39 | 000,731,136 | ---- | M | MD5 = 30F3680E007D924960FD65524DE36601] () RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> [2010.09.18 19:03:02 | 000,000,290 | ---- | M | MD5 = 3876281B4AEE43D319A9FCC1BEC7CDED] () IconCache.db -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\IconCache.db -> [2010.09.16 21:47:41 | 003,915,828 | -H-- | M | MD5 = E2AEB81F36A947F158C926053B966478] () bootk3.zip -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk3.zip -> [2010.09.16 20:00:08 | 000,083,410 | ---- | M | MD5 = 9D871978F9CBA964E41B6C3E49072BF5] () bootk3.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk3.doc -> [2010.09.16 19:58:12 | 000,105,984 | ---- | M | MD5 = 20F217F13DCE1D850D221EE2563E215E] () bootk2.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk2.doc -> [2010.09.16 19:55:47 | 000,137,728 | ---- | M | MD5 = 34E1C6607CE0BA7C2283F7A83B21F59B] () bootk1.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk1.doc -> [2010.09.16 19:54:59 | 000,105,984 | ---- | M | MD5 = 4A0960DB391193A4D89B5685B899C153] () bootkit_remover.rar -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\bootkit_remover.rar -> [2010.09.16 19:44:00 | 000,040,422 | ---- | M | MD5 = 85F808F47B9B62957259FEF5B9D3811F] () bootkit.zip -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootkit.zip -> [2010.09.15 23:49:53 | 000,083,401 | ---- | M | MD5 = D002A113EA94AE1F0BA905B591753F38] () bootkit.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootkit.doc -> [2010.09.15 23:46:08 | 000,116,224 | ---- | M | MD5 = 20D8038A448469195ED03E382C7934A9] () MBRCheck.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\MBRCheck.exe -> [2010.09.15 22:00:29 | 000,080,384 | ---- | M | MD5 = CB2D120A4B72422A8141192831B1F500] () wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010.09.13 18:40:54 | 000,001,158 | ---- | M | MD5 = 90C07AAC1F3EE3BA24C37876D79A4574] () Results of system analysis.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\Results of system analysis.doc -> [2010.09.12 17:21:39 | 000,572,928 | ---- | M | MD5 = 35669E8EAC1B4D140EDCC31A747D5955] () betti.JPG -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\betti.JPG -> [2010.09.07 21:55:08 | 000,010,071 | ---- | M | MD5 = 312AE49CD3BFAAC048CBB7AF7D941D77] () RKUnhookerLE.EXE -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\RKUnhookerLE.EXE -> [2010.09.05 17:07:01 | 000,133,632 | ---- | M | MD5 = 271EAD1D88F23C65AF7F0D3B0596D46F] () Secunia PSI.lnk -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmenü\Programme\Autostart\Secunia PSI.lnk -> [2010.09.04 19:43:23 | 000,000,711 | ---- | M | MD5 = 21B0F425A2D14CEF98E031C58B6D91AA] () javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010.09.04 19:16:12 | 000,153,376 | ---- | M | MD5 = 9D452D6B1ED99F88C327349A644EB3A2] (Sun Microsystems, Inc.) javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010.09.04 19:16:12 | 000,145,184 | ---- | M | MD5 = 4E8CC8BDEBED5AD93539612D4D316FDF] (Sun Microsystems, Inc.) java.exe -> C:\WINDOWS\System32\java.exe -> [2010.09.04 19:16:12 | 000,145,184 | ---- | M | MD5 = 43F7CA0473BB0FC9DD44ECF328B8D1FA] (Sun Microsystems, Inc.) javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010.09.04 19:16:12 | 000,073,728 | ---- | M | MD5 = 9DCF2BC541E53345C89F62C1A4621486] (Sun Microsystems, Inc.) deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010.09.04 19:16:11 | 000,411,368 | ---- | M | MD5 = B8F7C6CA5F8E97249853DBE1DADD1FBC] (Sun Microsystems, Inc.) PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010.09.04 19:15:46 | 000,902,476 | ---- | M | MD5 = 25DB18BEC5B8CD370CB4D39CF9DD499D] () perfh007.dat -> C:\WINDOWS\System32\perfh007.dat -> [2010.09.04 19:15:46 | 000,392,842 | ---- | M | MD5 = F384401903BE48797EC4D95327156ACF] () perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010.09.04 19:15:46 | 000,381,828 | ---- | M | MD5 = A18A182A6112897DFFE837E3F04AE4DD] () perfc007.dat -> C:\WINDOWS\System32\perfc007.dat -> [2010.09.04 19:15:46 | 000,064,650 | ---- | M | MD5 = 2639A1174617702AB7368B155362A691] () perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010.09.04 19:15:46 | 000,053,572 | ---- | M | MD5 = DB540EB561C4EDEC5FE3ED48FD31796D] () cc_20100904_191209.reg -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\cc_20100904_191209.reg -> [2010.09.04 19:12:34 | 000,008,540 | ---- | M | MD5 = CFF1255DE59234E57279C1A3DFBDBB7E] () rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2010.09.04 19:02:06 | 000,185,920 | ---- | M | MD5 = 1943C53C625732DEEC2A798CC619EC08] (RealNetworks, Inc.) pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2010.09.04 19:01:57 | 000,006,656 | ---- | M | MD5 = 33833B3EDA1B07EBD367FA9B38B23E60] (RealNetworks, Inc.) pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2010.09.04 19:01:57 | 000,005,632 | ---- | M | MD5 = B74E422BC81236042529DC8A42A18423] (RealNetworks, Inc.) pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010.09.04 19:01:24 | 000,278,528 | ---- | M | MD5 = 13001EB0A58B4DE96126B16AB15FD8CC] (Real Networks, Inc) Mozilla Thunderbird.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk -> [2010.09.04 18:56:27 | 000,001,643 | ---- | M | MD5 = 393549BF03154295A4A5EB57C7403F4B] () CCleaner.lnk -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\CCleaner.lnk -> [2010.09.04 18:19:50 | 000,000,665 | ---- | M | MD5 = 74DDA3EEE796B907F6080EE33E6C3E44] () hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010.09.03 19:05:08 | 000,000,027 | ---- | M | MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945] () TDSSKiller.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\TDSSKiller.exe -> [2010.09.03 10:27:00 | 001,286,232 | ---- | M | MD5 = 5A692AC2F0D4B8FF73FC961F45CC9525] (Kaspersky Lab ZAO) remover.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\remover.exe -> [2010.09.01 15:33:49 | 000,083,968 | ---- | M | MD5 = FFD9CEF70883E655ED1913CFC5C97C44] (eSage Lab) OTL.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTL.exe -> [2010.08.31 23:41:25 | 000,574,976 | ---- | M | MD5 = 8C3A7CAD1EFAF032734509A37A0C9022] (OldTimer Tools) ComboFix 10.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\ComboFix 10.doc -> [2010.08.31 23:33:46 | 000,118,784 | ---- | M | MD5 = 3BE12C511DFCFB6189B9F49BEFD2D2EC] () defogger_reenable -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\defogger_reenable -> [2010.08.30 19:39:16 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] () GMER 1.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\GMER 1.doc -> [2010.08.28 20:07:43 | 000,028,160 | ---- | M | MD5 = E4F2821BE6A1C57B39F6C7995F346FC8] () 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 6 C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\temp\*.tmp files -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\temp\*.tmp -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files - No Company Name] Combo-Fix.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe -> [2010.09.20 22:34:19 | 003,847,603 | R--- | C | MD5 = 3260BA081B03BF08B4A26F159CB9BC91] () avenger.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\avenger.exe -> [2010.09.19 22:10:28 | 000,731,136 | ---- | C | MD5 = 30F3680E007D924960FD65524DE36601] () IconCache.db -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\IconCache.db -> [2010.09.16 21:47:41 | 003,915,828 | -H-- | C | MD5 = E2AEB81F36A947F158C926053B966478] () bootk3.zip -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk3.zip -> [2010.09.16 20:00:08 | 000,083,410 | ---- | C | MD5 = 9D871978F9CBA964E41B6C3E49072BF5] () bootk3.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk3.doc -> [2010.09.16 19:58:12 | 000,105,984 | ---- | C | MD5 = 20F217F13DCE1D850D221EE2563E215E] () bootk2.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk2.doc -> [2010.09.16 19:55:47 | 000,137,728 | ---- | C | MD5 = 34E1C6607CE0BA7C2283F7A83B21F59B] () bootk1.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk1.doc -> [2010.09.16 19:54:59 | 000,105,984 | ---- | C | MD5 = 4A0960DB391193A4D89B5685B899C153] () bootkit_remover_debug_log.txt -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\bootkit_remover_debug_log.txt -> [2010.09.16 19:48:35 | 000,035,875 | ---- | C | MD5 = E040B6E69B3FA2B475A6FFC7A861F17D] () bootkit.zip -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootkit.zip -> [2010.09.15 23:49:53 | 000,083,401 | ---- | C | MD5 = D002A113EA94AE1F0BA905B591753F38] () bootkit.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootkit.doc -> [2010.09.15 23:46:07 | 000,116,224 | ---- | C | MD5 = 20D8038A448469195ED03E382C7934A9] () bootkit_remover.rar -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\bootkit_remover.rar -> [2010.09.15 23:34:05 | 000,040,422 | ---- | C | MD5 = 85F808F47B9B62957259FEF5B9D3811F] () MBRCheck.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\MBRCheck.exe -> [2010.09.15 22:00:29 | 000,080,384 | ---- | C | MD5 = CB2D120A4B72422A8141192831B1F500] () Results of system analysis.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\Results of system analysis.doc -> [2010.09.12 17:21:38 | 000,572,928 | ---- | C | MD5 = 35669E8EAC1B4D140EDCC31A747D5955] () betti.JPG -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\betti.JPG -> [2010.09.07 21:55:08 | 000,010,071 | ---- | C | MD5 = 312AE49CD3BFAAC048CBB7AF7D941D77] () RKUnhookerLE.EXE -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\RKUnhookerLE.EXE -> [2010.09.05 17:07:27 | 000,133,632 | ---- | C | MD5 = 271EAD1D88F23C65AF7F0D3B0596D46F] () Secunia PSI.lnk -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmenü\Programme\Autostart\Secunia PSI.lnk -> [2010.09.04 19:43:23 | 000,000,711 | ---- | C | MD5 = 21B0F425A2D14CEF98E031C58B6D91AA] () cc_20100904_191209.reg -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\cc_20100904_191209.reg -> [2010.09.04 19:12:16 | 000,008,540 | ---- | C | MD5 = CFF1255DE59234E57279C1A3DFBDBB7E] () RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> [2010.09.04 19:02:26 | 000,000,282 | ---- | C | MD5 = 43593C5F784877D5240DA821E1584A71] () RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> [2010.09.04 19:02:24 | 000,000,290 | ---- | C | MD5 = 3876281B4AEE43D319A9FCC1BEC7CDED] () Mozilla Thunderbird.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk -> [2010.09.04 18:56:27 | 000,001,643 | ---- | C | MD5 = 393549BF03154295A4A5EB57C7403F4B] () CCleaner.lnk -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\CCleaner.lnk -> [2010.09.04 18:19:50 | 000,000,665 | ---- | C | MD5 = 74DDA3EEE796B907F6080EE33E6C3E44] () ComboFix 10.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\ComboFix 10.doc -> [2010.08.31 23:33:45 | 000,118,784 | ---- | C | MD5 = 3BE12C511DFCFB6189B9F49BEFD2D2EC] () PEV.exe -> C:\WINDOWS\PEV.exe -> [2010.08.30 22:59:21 | 000,256,512 | ---- | C | MD5 = F1FBA6185A6A2BC6456970914875078E] () sed.exe -> C:\WINDOWS\sed.exe -> [2010.08.30 22:59:21 | 000,098,816 | ---- | C | MD5 = 2B657A67AEBB84AEA5632C53E61E23BF] () grep.exe -> C:\WINDOWS\grep.exe -> [2010.08.30 22:59:21 | 000,080,412 | ---- | C | MD5 = 9E05A9C264C8A908A8E79450FCBFF047] () MBR.exe -> C:\WINDOWS\MBR.exe -> [2010.08.30 22:59:21 | 000,077,312 | ---- | C | MD5 = C5EC72A20B4C98DB5314E6C46765B148] () zip.exe -> C:\WINDOWS\zip.exe -> [2010.08.30 22:59:21 | 000,068,096 | ---- | C | MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8] () defogger_reenable -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\defogger_reenable -> [2010.08.30 19:39:16 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] () GMER 1.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\GMER 1.doc -> [2010.08.28 20:07:43 | 000,028,160 | ---- | C | MD5 = E4F2821BE6A1C57B39F6C7995F346FC8] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009.02.13 19:16:00 | 000,084,480 | ---- | C | MD5 = 63F9DC8DDA58E88968A3E85531AD4E83] () GDIPFONTCACHEV1.DAT -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT -> [2009.02.07 16:16:07 | 000,046,304 | ---- | C | MD5 = 4811D0ECB036B71FCBEE20FFFF42EAE3] () wklnhst.dat -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\wklnhst.dat -> [2009.02.07 16:16:05 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] () desktop.ini -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\desktop.ini -> [2009.02.07 15:34:25 | 000,000,062 | -HS- | C | MD5 = 88CF0FF92A4A9FA7BD9B7513B2E9E22B] () fusioncache.dat -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat -> [2009.02.07 15:34:21 | 000,000,160 | ---- | C | MD5 = 7BCE6A2B14316D6BEDB53A854C3A7D4B] () QTSBandwidthCache -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache -> [2007.09.25 18:39:50 | 000,001,763 | ---- | C | MD5 = F4128E52135B8615CAE7363AE6DD64BA] () if40le.ini -> C:\WINDOWS\if40le.ini -> [2006.12.26 13:09:56 | 000,000,613 | ---- | C | MD5 = EF0C8478243F9968DE8C2DA7973ACD70] () SCNDRVU.INI -> C:\WINDOWS\SCNDRVU.INI -> [2006.12.26 13:09:54 | 000,000,114 | ---- | C | MD5 = 7A0BFD238CEF317A73A0D89CCECD32D3] () If42le.ini -> C:\WINDOWS\If42le.ini -> [2006.12.26 13:09:35 | 000,003,049 | ---- | C | MD5 = 982AB916D4E334A34816FA759043A195] () PEXPLORE.INI -> C:\WINDOWS\PEXPLORE.INI -> [2006.12.26 13:09:34 | 000,000,241 | ---- | C | MD5 = 91DCDF54F9DE74E17BB027A222AB74A0] () umxaddin.ini -> C:\WINDOWS\umxaddin.ini -> [2006.12.26 13:09:23 | 000,000,403 | ---- | C | MD5 = FF2FB8216A5CF24FD58515A5FFDCD0E4] () AutoSet.dll -> C:\WINDOWS\AutoSet.dll -> [2006.12.26 13:08:13 | 000,049,152 | R--- | C | MD5 = C9330F5BCAF5F04D0220D6D3C8D3E8B8] () ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006.05.03 18:02:07 | 000,000,777 | ---- | C | MD5 = B5F0A649297C19F92ED0585D343B47BC] () UMSDIH.DLL -> C:\WINDOWS\UMSDIH.DLL -> [2006.05.02 22:33:16 | 000,032,768 | ---- | C | MD5 = 8441709A3748D31BBFC01991A1E40A71] () addr_file.html -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html -> [2006.05.02 22:20:42 | 000,000,305 | ---- | C | MD5 = 701F9A86DF4EAD62C9D7FE721C9B2788] () px.ini -> C:\WINDOWS\System32\px.ini -> [2005.12.09 23:03:52 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] () smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005.01.01 21:24:26 | 000,000,061 | ---- | C | MD5 = C0759373CABA4620D082671DC8B0B919] () USBkey.sys -> C:\WINDOWS\System32\drivers\USBkey.sys -> [2005.01.01 21:05:37 | 000,028,848 | ---- | C | MD5 = F2CE99DD9F56BAFC49234A1EFB0AFC8E] () CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2005.01.01 21:02:58 | 000,013,624 | ---- | C | MD5 = 580C903B70A86CF7E626127253D634AB] () hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2005.01.01 21:02:53 | 000,045,056 | ---- | C | MD5 = 05898261D50E965F13D3F86C44C82FF4] () WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2005.01.01 20:56:54 | 000,000,108 | ---- | C | MD5 = 9C09EADC9B8713AAE2D45FA244902A04] () hpzinstall.log -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log -> [2005.01.01 20:43:38 | 000,001,702 | ---- | C | MD5 = 1A98D1E1B23215301B210D98BC458859] () fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005.01.01 20:42:40 | 000,003,776 | ---- | C | MD5 = 221FCC75D1FB9664146B8C682ECF094D] () orun32.ini -> C:\WINDOWS\orun32.ini -> [2005.01.01 20:26:25 | 000,000,849 | ---- | C | MD5 = 325DD251729238D31A0A663FC366BD7B] () pythoncom22.dll -> C:\WINDOWS\System32\pythoncom22.dll -> [2005.01.01 20:23:16 | 000,323,584 | ---- | C | MD5 = 8944B18FE541BA21CFCC93E3D292E78E] () pywintypes22.dll -> C:\WINDOWS\System32\pywintypes22.dll -> [2005.01.01 20:23:16 | 000,094,208 | ---- | C | MD5 = 4977C5A01D47D6248135DEF9997932E8] () bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2005.01.01 20:23:01 | 000,016,896 | ---- | C | MD5 = 920F96B11AB9B7764B0FBAD336E6D016] () desktop.ini -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini -> [2004.11.02 19:56:58 | 000,000,062 | -HS- | C | MD5 = 88CF0FF92A4A9FA7BD9B7513B2E9E22B] () oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2002.09.20 18:19:34 | 000,001,194 | ---- | C | MD5 = 94C1FD56D7FA34F3B9FAE00F84CB7DC9] () HPTCPMON.INI -> C:\WINDOWS\System32\HPTCPMON.INI -> [2001.07.06 23:30:00 | 000,003,254 | ---- | C | MD5 = 7A6147A12AF554BA8D44AF299006B3BB] () MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999.01.22 21:46:58 | 000,065,536 | ---- | C | MD5 = 968A5129FBE4EA13B31BDA7F47392729] () [File - Lop Check] AntiVir PersonalEdition Classic -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic -> [2009.02.05 22:05:37 | 000,000,000 | ---D | M] Fighters -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters -> [2010.08.19 15:56:21 | 000,000,000 | ---D | M] Prevx -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prevx -> [2007.12.27 13:41:24 | 000,000,000 | ---D | M] Prism -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prism -> [2006.05.02 20:39:37 | 000,000,000 | ---D | M] SecTaskMan -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan -> [2010.09.14 19:43:54 | 000,000,000 | ---D | M] TEMP -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP -> [2008.10.16 13:03:58 | 000,000,000 | ---D | M] [File - Purity Scan] [Custom Scans] < %SYSTEMDRIVE%\*.exe > secutest.exe -> C:\secutest.exe -> [2007.02.22 16:29:38 | 000,444,654 | ---- | M | MD5 = 0BC073D72E5B0067812702836D25BB8E] (Mark Loman) < %systemroot%\*. /mp /s > Restore point Set: OTS Restore Point (0) < %systemroot%\system32\*.dll /lockedfiles > 8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > psi_mf.sys -> C:\WINDOWS\system32\drivers\psi_mf.sys -> [2010.07.07 16:05:32 | 000,014,904 | ---- | M | MD5 = 1DF21F001F3A94EBA4A2950C70CC358F] (Secunia) < %systemroot%\system32\ws2help.dll /md5 > ws2help.dll : MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -> C:\WINDOWS\system32\ws2help.dll -> [2008.04.14 04:22:32 | 000,019,968 | ---- | M | MD5 = C7D8A0517CBF16B84F657DE87EBE9D4B] (Microsoft Corporation) 8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime -> 2010-09-15 18:55:41 -> [Alternate Data Streams] @Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > |
23.09.2010, 18:37 | #80 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Bestehen Probleme mit dem CDRom? Scan mit SystemLook Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop. Download Mirror #1 - Download Mirror #2
|
23.09.2010, 19:11 | #81 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung jo das ist richtig CDs werden nicht richtig abgespielt, verzerrter Ton, ist aber schon 3 Jahre so und hat mich aber nicht weiter gestört, bzw habs halt nicht benutzt. hier der log: Code:
ATTFilter SystemLook 04.09.10 by jpshortstuff Log created at 20:05 on 23/09/2010 by HP_Besitzer Administrator - Elevation successful ========== filefind ========== Searching for "*cdrom.sys" C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys -----c- 49536 bytes [19:00 10/02/2009] [04:00 04/08/2004] AF9C19B3100FE010496B1A27181FBF72 C:\WINDOWS\ServicePackFiles\i386\cdrom.sys ------- 62976 bytes [18:40 13/04/2008] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE C:\WINDOWS\system32\drivers\cdrom.sys --a---- 62976 bytes [04:00 04/08/2004] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE -= EOF =- die ich mit Malwarebytes wieder gelöscht habe. |
23.09.2010, 19:37 | #82 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Ich muss etwas abklären noch, werde mich dann wieder melden. Es wird sicherlich morgen werden. |
23.09.2010, 21:45 | #83 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung bin erst wieder samstag on. heute hat war im ordner xmldm nichts los. |
24.09.2010, 22:12 | #84 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Lade Dir den ProcessMonitor runter und verschiebe procmon.exe auf C:\ start --> ausführen (Vista User: suche starten) --> notepad (reinschreiben) Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter @echo off set vir=c:\windows\system32\xmldm cd \ if exist "%vir%" ( rd /s /q %vir% start C:\procmon.exe ) echo. Warte bis Ordner existiert echo. pause echo. Fenster nicht schliessen !! :check if exist "%vir%" ( cls color fc echo Bitte Logfile speichern pause >nul ) else ( goto check ) Speichere diese unter xmldm.bat auf Deinem Desktop. Wähle bei Dateityp alle Dateien aus. Bei Codierung bitte ANSI auswählen. Doppelklick auf die xmldm.bat Vista- User: Mit Rechtsklick "als Administrator starten" ausführen Poste mir bitte den Inhalt |
25.09.2010, 16:22 | #85 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung so habs genau gemacht wie beschrieben. es hat sich das Monitor Process geöffnet und ist losgelaufen. 1. Versuch bekam ich nach ca 3mio Datensätzen die Meldung: "A System or aplication resort limt prevents Process Monnitor from capturing additional events" danach gings nicht mehr weiter, cmd.exe hat zwar noch weitergearbeitet aber nichts mehr passiert. hab dann abgebrochen Neustart 2. Versuch diesmal bis fast 5 Mio gekommen, dann wieder fehlermeldung irgendwas mit ausgelagerte Datei zu groß und wieder ging nichts mehr. |
26.09.2010, 13:08 | #86 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung
|
26.09.2010, 17:29 | #87 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung ich hab jetzt mehrere Versuche gemacht, aber die Dateien sind auch als Zip jeweils zu groß 1000 kb und ich hab schnell gemacht. |
27.09.2010, 23:28 | #88 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Kannst Du erkennen was den ordner c:\windows\system32\xmldm herstellt? |
28.09.2010, 19:34 | #89 |
| TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung der ordner xmldm wird ja immer erstellt wenn firefox neu gestartet wird. jetzt habe ich beim Monitor Process 2 Dateien erstellt die alle das Wort "xmldm" enthält. 1. Datei logfile detail musst du "path contains xmldm include" wegklicken um die beiden Datensätze zu sehen. 2. Datei logfile path musst du " detail contains xmldm include" wegklicken um die 8 Datensätze zu sehen. vielleicht hilft dir das weiter. |
30.09.2010, 18:50 | #90 |
/// Malwareteam | TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Deinstalliere einmal Firefox ganz nach dieser Anleitung und installiere ihn wieder neu. Danach mache einen Scan mit Malwarebytes und poste das Log. Geändert von Swisstreasure (30.09.2010 um 19:04 Uhr) |
Themen zu TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung |
.dll, 5 minuten, acroiehelpe, anti-malware, antivir, auswertung, browser, center, dateien, explorer, festgestellt, firefox, gmer, grundlos, hallo zusammen, helper, hintergrundgeräusche, löschen, malwarebytes, microsoft, nicht sicher, software, start, stolen.data, system volume information, system32, task manager, tr/dropper.gen, trojaner, trojaner gehabt, xmldm |