TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung

Swisstreasure · 20.09.2010, 18:35

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lösche die Combo-Fix.exe auf dem Desktop und lade ComboFix von einem der unten aufgeführten Links erneut herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

eselvormberg · 20.09.2010, 22:12

Code:

ATTFilter

ComboFix 10-09-20.01 - HP_Besitzer 20.09.2010  22:49:38.5.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.446.240 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-20 bis 2010-09-20  ))))))))))))))))))))))))))))))
.

2010-09-19 20:16 . 2010-09-20 18:28	--------	d-----w-	c:\windows\system32\xmldm
2010-09-14 17:43 . 2010-09-14 17:43	77	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_E48F4F4FF408A9E4487D3C24380F80F8.dll
2010-09-14 17:43 . 2010-09-14 17:43	1180	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_F65865963B6B0EB4ABB0F894B53E0233.dll
2010-09-14 17:43 . 2010-09-14 17:43	10	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_F60730A4A66673047777F5728467D401.dll
2010-09-14 17:43 . 2010-09-14 17:43	3952	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_8FA009BE16CC51E478B1891DAEE30852.dll
2010-09-14 17:43 . 2010-09-14 17:43	566	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2F44939A4D2D0574FB7EA982F8AE2FFC.dll
2010-09-14 17:43 . 2010-09-14 17:43	27	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_4EA42A62D9304AC4784BF238120602FF.dll
2010-09-12 14:59 . 2010-09-12 14:59	--------	d-----w-	c:\programme\7-Zip
2010-09-05 16:06 . 2010-09-05 16:07	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Apple Computer
2010-09-05 15:47 . 2010-09-11 07:17	--------	d-----w-	C:\AVZ
2010-09-04 17:41 . 2010-09-04 17:41	--------	d-----w-	c:\programme\Secunia
2010-09-04 17:16 . 2010-09-04 17:16	503808	----a-w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42892712-n\msvcp71.dll
2010-09-04 17:16 . 2010-09-04 17:16	499712	----a-w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42892712-n\jmc.dll
2010-09-04 17:16 . 2010-09-04 17:16	348160	----a-w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-42892712-n\msvcr71.dll
2010-09-04 17:16 . 2010-09-04 17:16	12800	----a-w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-12c99582-n\decora-d3d.dll
2010-09-04 17:16 . 2010-09-04 17:16	61440	----a-w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-12c99582-n\decora-sse.dll
2010-09-04 17:16 . 2010-09-04 17:16	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-04 17:14 . 2010-09-04 17:57	79488	----a-w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\jre1.6.0_20\gtapi.dll
2010-09-04 17:14 . 2010-09-04 17:57	152576	----a-w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Sun\Java\jre1.6.0_20\lzma.dll
2010-09-04 17:02 . 2010-09-04 17:02	45056	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-09-04 17:02 . 2010-09-04 17:02	45056	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-09-04 17:02 . 2010-09-04 17:02	45056	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-09-04 17:02 . 2010-09-04 17:02	45056	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-09-04 17:02 . 2010-09-04 17:02	49152	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-09-04 17:02 . 2010-09-04 17:02	308808	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-09-04 17:02 . 2010-09-04 17:02	40960	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-09-04 17:02 . 2010-09-04 17:02	14848	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-09-04 17:02 . 2010-09-04 17:02	341600	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-09-04 17:01 . 2010-09-04 17:01	--------	d-----w-	c:\programme\Gemeinsame Dateien\xing shared
2010-09-04 16:51 . 2010-09-04 16:51	--------	d-----w-	c:\programme\Gemeinsame Dateien\Apple
2010-09-04 16:50 . 2010-09-04 16:50	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Apple
2010-09-04 16:49 . 2010-09-04 16:49	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2010-09-04 16:19 . 2010-09-04 16:19	--------	d-----w-	c:\programme\CCleaner
2010-08-30 20:59 . 2010-08-30 21:31	--------	d-----w-	C:\Combo-Fix
2010-08-29 18:11 . 2010-08-29 18:11	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes
2010-08-29 18:10 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 18:10 . 2010-08-29 18:10	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-08-29 18:10 . 2010-08-29 19:47	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-08-29 18:10 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-22 16:26 . 2010-08-22 16:26	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Help
2010-08-22 16:11 . 2010-08-22 16:11	799	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2425543A0EAD32542824DF2807A6FBB4.dll
2010-08-22 15:06 . 2010-09-04 16:17	--------	d-----w-	c:\programme\Unlocker

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 17:25 . 2006-11-19 11:48	--------	d-----w-	c:\programme\PokerStars
2010-09-19 20:04 . 2005-01-01 19:11	--------	d-----w-	c:\programme\Gemeinsame Dateien\Symantec Shared
2010-09-14 17:43 . 2010-08-22 16:11	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
2010-09-11 17:31 . 2009-04-18 15:46	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\BSW
2010-09-04 18:24 . 2006-05-06 15:53	--------	d-----w-	c:\programme\Mozilla Thunderbird
2010-09-04 18:06 . 2009-02-07 17:13	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Thunderbird
2010-09-04 17:16 . 2005-01-01 18:29	--------	d-----w-	c:\programme\Gemeinsame Dateien\Java
2010-09-04 17:15 . 2004-11-02 18:10	64650	----a-w-	c:\windows\system32\perfc007.dat
2010-09-04 17:15 . 2004-11-02 18:10	392842	----a-w-	c:\windows\system32\perfh007.dat
2010-09-04 17:02 . 2005-01-01 18:55	--------	d-----w-	c:\programme\Gemeinsame Dateien\Real
2010-09-04 17:01 . 2005-01-01 18:55	--------	d-----w-	c:\programme\Real
2010-09-04 16:52 . 2007-09-24 18:57	--------	d-----w-	c:\programme\QuickTime
2010-09-04 16:50 . 2007-09-24 18:56	--------	d-----w-	c:\programme\Apple Software Update
2010-08-29 14:52 . 2010-06-06 17:46	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Uniblue
2010-08-29 14:52 . 2010-06-06 17:46	--------	d-----w-	c:\programme\Uniblue
2010-08-22 16:26 . 2010-08-22 16:11	--------	d-----w-	c:\programme\Security Task Manager
2010-08-22 16:11 . 2010-08-22 16:11	57	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_200845A2240938042A076B4737ED0137.dll
2010-08-22 16:11 . 2010-08-22 16:11	116	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_20481667D97199646AB63D155C4963CB.dll
2010-08-22 16:11 . 2010-08-22 16:11	10	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_24E9EE35BCEC29C4FB67C96AD5FAF8C1.dll
2010-08-22 16:11 . 2010-08-22 16:11	6205	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1FCF3F43B71816D46BFA919D84A6EF0A.dll
2010-08-22 16:11 . 2010-08-22 16:11	699	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1E32C765085758148B2C0308657792C7.dll
2010-08-22 16:11 . 2010-08-22 16:11	55	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0FF2F75B52A523345B3054293B070CF2.dll
2010-08-22 16:11 . 2010-08-22 16:11	3356	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1F972D4B9034cc944A5BA3D0E2957C5B.dll
2010-08-22 16:11 . 2010-08-22 16:11	210	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B.dll
2010-08-22 16:11 . 2010-08-22 16:11	2056	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_06AFB87E393583C428BA8E10E964E44B.dll
2010-08-22 16:11 . 2010-08-22 16:11	1055	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D227AB21D84E6041932A85E34D136FE.dll
2010-08-22 16:11 . 2010-08-22 16:11	58	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll
2010-08-22 16:11 . 2010-08-22 16:11	833	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll
2010-08-22 14:19 . 2010-08-21 12:36	--------	d-----w-	c:\programme\iKnowPS
2010-08-19 13:56 . 2010-08-19 13:56	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fighters
2010-08-19 13:55 . 2010-08-19 13:55	--------	d-----w-	c:\programme\Fighters
2010-08-17 13:17 . 2004-08-04 04:00	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-07-22 15:48 . 2004-08-04 04:00	590848	----a-w-	c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-07-07 14:05 . 2010-07-07 14:05	14904	----a-w-	c:\windows\system32\drivers\psi_mf.sys
2010-07-01 20:12 . 2010-07-01 20:12	112	----a-w-	c:\windows\system32\srvblck2.tmp
2010-06-30 12:28 . 2004-08-04 04:00	149504	----a-w-	c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 04:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-04 04:00	1852032	------w-	c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-31_17.05.03   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-20 16:54 . 2010-09-20 16:54	16384              c:\windows\Temp\Perflib_Perfdata_7f4.dat
- 2010-07-06 18:51 . 2010-02-22 14:22	18808              c:\windows\system32\spmsg.dll
+ 2010-07-06 18:51 . 2009-05-26 09:01	18808              c:\windows\system32\spmsg.dll
- 2004-11-02 18:10 . 2010-08-18 13:06	53572              c:\windows\system32\perfc009.dat
+ 2004-11-02 18:10 . 2010-09-04 17:15	53572              c:\windows\system32\perfc009.dat
+ 2010-08-17 13:17 . 2010-08-17 13:17	58880              c:\windows\system32\dllcache\spoolsv.exe
+ 2010-09-04 17:01 . 2010-09-04 17:01	20480              c:\windows\Installer\51cbbf.msi
+ 2010-09-04 16:50 . 2010-09-04 16:50	27136              c:\windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
+ 2010-09-04 17:01 . 2010-09-04 17:01	5632              c:\windows\system32\pndx5032.dll
- 2005-01-01 18:55 . 2005-01-01 18:55	5632              c:\windows\system32\pndx5032.dll
+ 2010-09-04 17:01 . 2010-09-04 17:01	6656              c:\windows\system32\pndx5016.dll
- 2005-01-01 18:55 . 2005-01-01 18:55	6656              c:\windows\system32\pndx5016.dll
+ 2009-07-11 23:12 . 2009-07-11 23:12	632656              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 23:09 . 2009-07-11 23:09	554832              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 23:08 . 2009-07-11 23:08	479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
- 2004-08-04 04:00 . 2008-04-14 02:22	293888              c:\windows\system32\winsrv.dll
+ 2004-08-04 04:00 . 2010-06-18 17:44	293888              c:\windows\system32\winsrv.dll
+ 2004-08-04 04:00 . 2010-04-16 15:36	406016              c:\windows\system32\usp10.dll
- 2004-08-04 04:00 . 2008-04-14 02:22	406016              c:\windows\system32\usp10.dll
+ 2010-09-04 17:02 . 2010-09-04 17:02	185920              c:\windows\system32\rmoc3260.dll
+ 2005-01-01 18:55 . 2010-09-04 17:01	278528              c:\windows\system32\pncrt.dll
- 2005-01-01 18:55 . 2005-01-01 18:55	278528              c:\windows\system32\pncrt.dll
+ 2004-11-02 18:10 . 2010-09-04 17:15	381828              c:\windows\system32\perfh009.dat
- 2004-11-02 18:10 . 2010-08-18 13:06	381828              c:\windows\system32\perfh009.dat
+ 2006-10-18 19:47 . 2010-03-30 10:24	317440              c:\windows\system32\mp4sdecd.dll
- 2006-10-18 19:47 . 2006-10-18 19:47	317440              c:\windows\system32\MP4SDECD.dll
+ 2010-08-29 15:22 . 2010-09-04 17:53	232912              c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe
- 2010-08-29 15:22 . 2010-08-29 15:22	232912              c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe
+ 2010-09-04 17:16 . 2010-09-04 17:16	153376              c:\windows\system32\javaws.exe
+ 2010-09-04 17:16 . 2010-09-04 17:16	145184              c:\windows\system32\javaw.exe
+ 2010-09-04 17:16 . 2010-09-04 17:16	145184              c:\windows\system32\java.exe
+ 2004-08-04 04:00 . 2010-06-09 07:43	692736              c:\windows\system32\inetcomm.dll
+ 2010-06-18 17:44 . 2010-06-18 17:44	293888              c:\windows\system32\dllcache\winsrv.dll
+ 2010-04-16 15:36 . 2010-04-16 15:36	406016              c:\windows\system32\dllcache\usp10.dll
+ 2009-04-15 14:51 . 2010-07-22 15:48	590848              c:\windows\system32\dllcache\rpcrt4.dll
+ 2010-03-30 10:24 . 2010-03-30 10:24	317440              c:\windows\system32\dllcache\mp4sdecd.dll
+ 2009-02-08 14:09 . 2010-06-09 07:43	692736              c:\windows\system32\dllcache\inetcomm.dll
+ 2010-09-04 17:16 . 2010-09-04 17:16	180224              c:\windows\Installer\6887c9.msi
+ 2010-09-04 17:16 . 2010-09-04 17:16	577536              c:\windows\Installer\6887c3.msi
+ 2010-09-04 16:51 . 2010-09-04 16:51	807936              c:\windows\Installer\51c981.msi
+ 2009-07-18 03:21 . 2010-09-04 17:53	5969360              c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-07-18 03:21 . 2010-08-29 15:22	5969360              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-09-04 16:52 . 2010-09-04 16:52	9472000              c:\windows\Installer\51cbb4.msi
+ 2010-09-04 16:50 . 2010-09-04 16:50	1549312              c:\windows\Installer\51c97b.msi
+ 2009-02-09 18:38 . 2010-09-15 18:53	35552200              c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
"HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-08-10 421888]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-09-04 202256]

c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmen\Programme\Autostart\
Secunia PSI.lnk - c:\programme\Secunia\PSI\psi.exe [2010-7-21 965176]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Action Manager 32.lnk - c:\programme\ScannerU\AM32.exe [2006-12-26 69632]
Gigaset WLAN Adapter Monitor.lnk - c:\programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe [2004-6-4 327680]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=

S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [07.07.2010 16:05 14904]
S3 SE4501D;Gigaset USB Adapter 54 Driver;c:\windows\system32\drivers\SE4501D.sys [07.02.2009 15:39 379232]
.
Inhalt des "geplante Tasks" Ordners

2010-09-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]

2010-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html
IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-20 22:57
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1504)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-09-20  23:00:54
ComboFix-quarantined-files.txt  2010-09-20 21:00
ComboFix2.txt  2010-09-03 17:09

Vor Suchlauf: 16 Verzeichnis(se), 133.849.751.552 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 133.879.681.024 Bytes frei

- - End Of File - - FE891A47804F0D458A0D56717FC277E0

mein internet war heut extrem holprig, dauernd wurde mir die verbindung getrennt, weiß natürlich nicht ob das mit dem Trojaner zusammenhängt.

Swisstreasure · 22.09.2010, 19:18

Downloade OTS.exe und speichere es unbedingt auf Deinem Desktop. Doppelklick auf die OTS.exe
Wenn Dein Anti-Viren-Programm bei OTS Meldung macht, erlaube es.

Mache einen Haken bei "Scan All Users und Include MD5".
Kopiere folgenden Text in die Box.

Code:

ATTFilter

%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Unter der Box klicke auf den Button.
Hake nun folgende Einträge an:
- Reg- Active Sub Paths
- App Paths
- Approved Shell Extensions
- Disabled MS Config Items
- Drivers32
- NetSvcs
- File Lop Check
- File Purity Check
Mache währenddessen nichts anderes an dem Rechner.
Wenn der Scan durchgeführt ist (Scan complete!), öffnet sich der Editor mit dem Logfile.
Auch zu finden auf dem Desktop ( OTS.txt )
Schließe nun alle laufenden Programme sowie deinen Browser.
Klicke auf den links oben, um die Untersuchung zu starten

Hänge diese Log bitte hier an, die ist nicht gerade kurz.

eselvormberg · 22.09.2010, 21:12

ots:

Code:

ATTFilter

OTS logfile created on: 22.09.2010 21:30:01 - Run 2
OTS by OldTimer - Version 3.1.38.1     Folder = C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
446,00 Mb Total Physical Memory | 212,00 Mb Available Physical Memory | 47,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143,45 Gb Total Space | 124,74 Gb Free Space | 86,96% Space Free | Partition Type: NTFS
Drive D: | 5,59 Gb Total Space | 0,50 Gb Free Space | 9,03% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NAME-CD5FDA878D
Current User Name: HP_Besitzer
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTS.exe -> [2010.09.22 20:54:30 | 000,641,536 | ---- | M | MD5 = 9A719DC92BA73362621B65ABE6B0289D] (OldTimer Tools)
realsched.exe -> C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -> [2010.09.04 19:01:23 | 000,202,256 | ---- | M | MD5 = 9ACE8ECDB1EBC519F48AA65DE5875573] (RealNetworks, Inc.)
jucheck.exe -> C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe -> [2010.02.18 11:43:20 | 000,490,728 | ---- | M | MD5 = D4DDB8CF58103E8CE8E99101C467C979] (Sun Microsystems, Inc.)
jusched.exe -> C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe -> [2010.02.18 11:43:18 | 000,248,040 | ---- | M | MD5 = 52DB6CDAC5BC7A1FC884E97C41C91213] (Sun Microsystems, Inc.)
sched.exe -> C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008.10.15 14:31:50 | 000,068,865 | ---- | M | MD5 = D6C8942BEA3698A2E7559BD423BFA5D7] (Avira GmbH)
avguard.exe -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008.10.15 14:29:58 | 000,151,297 | ---- | M | MD5 = 335A142923FE7F97E8C8388ACD067568] (Avira GmbH)
avgnt.exe -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> [2008.06.12 14:28:40 | 000,266,497 | ---- | M | MD5 = 6E812818306D460D62B4ABEA9FDC6679] (Avira GmbH)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E] (Microsoft Corporation)
gigasetusbmonitor.exe -> C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe -> [2004.06.04 12:53:00 | 000,327,680 | ---- | M | MD5 = DB9CE9C2FBBA95533D5CFEA24F06B456] ()
 
[Modules - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTS.exe -> [2010.09.22 20:54:30 | 000,641,536 | ---- | M | MD5 = 9A719DC92BA73362621B65ABE6B0289D] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008.04.14 04:21:06 | 000,110,592 | ---- | M | MD5 = 8354A33FC0CD75F34D310B7EE8CBD621] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(Automatisches LiveUpdate - Scheduler) Automatisches LiveUpdate - Scheduler [Auto | Stopped] -> C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> File not found
(AppMgmt) Anwendungsverwaltung [On_Demand | Stopped] -> C:\WINDOWS\System32\appmgmts.dll -> File not found
(AntiVirScheduler) Avira AntiVir Personal - Free Antivirus Planer [Auto | Running] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -> [2008.10.15 14:31:50 | 000,068,865 | ---- | M | MD5 = D6C8942BEA3698A2E7559BD423BFA5D7] (Avira GmbH)
(AntiVirService) Avira AntiVir Personal - Free Antivirus Guard [Auto | Running] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -> [2008.10.15 14:29:58 | 000,151,297 | ---- | M | MD5 = 335A142923FE7F97E8C8388ACD067568] (Avira GmbH)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004.10.22 11:24:18 | 000,073,728 | ---- | M | MD5 = 6F95324909B502E2651442C1548AB12F] (Macrovision Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Boot | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2004.09.29 20:14:36 | 000,069,632 | ---- | M | MD5 = 9D84376931440F3679BEEF2A414FA493] (HP)
 
[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOKUME~1\HP_BES~1.NAM\LOKALE~1\Temp\catchme.sys -> File not found
(PSI) PSI [File_System | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\psi_mf.sys -> [2010.07.07 16:05:32 | 000,014,904 | ---- | M | MD5 = 1DF21F001F3A94EBA4A2950C70CC358F] (Secunia)
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2009.05.30 17:42:50 | 000,075,096 | ---- | M | MD5 = 0B09DF022250FB7BA91FB932EAC6EA9B] (Avira GmbH)
(avgntflt) avgntflt [File_System | On_Demand | Running] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> [2009.05.30 17:41:23 | 000,052,056 | ---- | M | MD5 = FCB30820BED1D3FEB55E3DD55A3F947F] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -> [2009.05.30 17:41:14 | 000,011,608 | ---- | M | MD5 = 87828ECD657F81503465AC705E845076] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2007.11.08 19:03:26 | 000,021,248 | ---- | M | MD5 = 71D609C5DFF067906D930BDE031C4CFE] (AVIRA GmbH)
(AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AvgArCln.sys -> [2007.01.18 14:00:28 | 000,003,968 | ---- | M | MD5 = EC08D1625F5C6CF2A57B79EB35186F8C] (GRISOFT, s.r.o.)
(Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005.12.13 01:27:00 | 000,019,072 | ---- | M | MD5 = 390C204CED3785609AB24E9C52054A84] (Hewlett-Packard Company)
(RTL8023xp) Realtek 10/100/1000 NIC Family all in one NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtnicxp.sys -> [2005.09.30 20:11:42 | 000,078,720 | ---- | M | MD5 = 7889E3981E0A5D347E037ABD467D53A5] (Realtek Semiconductor Corporation                           )
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2005.08.30 00:11:00 | 003,644,928 | ---- | M | MD5 = 7F26D024355CBADB60838F53DFB171EC] (Realtek Semiconductor Corp.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2005.08.14 07:35:54 | 001,313,792 | ---- | M | MD5 = 7A6CF9F411A9C5BD5C442A1CD46AF401] (ATI Technologies Inc.)
(AmdK8) AMD-Prozessortreiber [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2005.03.09 22:53:00 | 000,043,008 | ---- | M | MD5 = 769844EB65DF6A62AA51B886290FE51D] (Advanced Micro Devices)
(rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004.08.03 22:31:34 | 000,020,992 | ---- | M | MD5 = D507C1400284176573224903819FFDA3] (Realtek Semiconductor Corporation)
(SE4501D) Gigaset USB Adapter 54 Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\SE4501D.sys -> [2004.06.02 03:43:00 | 000,379,232 | R--- | M | MD5 = 8DC9CF101D175A1DAF2FD917E19A68B1] (Siemens AG)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> -> 
HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\FireFox\Profiles\qcaul68r.default\prefs.js -> 
browser.startup.homepage -> "hxxp://erotik.freenet.de/freenet/index.html" ->
extensions.enabledItems -> {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} -> C:\WINDOWS\system32\5005 [C:\WINDOWS\SYSTEM32\5005] -> [2010.07.01 22:12:52 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components -> C:\Programme\Mozilla Firefox\components [C:\PROGRAMME\MOZILLA FIREFOX\COMPONENTS] -> [2010.09.19 17:03:40 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins -> C:\Programme\Mozilla Firefox\plugins [C:\PROGRAMME\MOZILLA FIREFOX\PLUGINS] -> [2010.09.19 17:03:40 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions ->  -> 
HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components -> C:\Programme\Mozilla Thunderbird\components [C:\PROGRAMME\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010.09.04 20:24:08 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins -> C:\PROGRAMME\MOZILLA THUNDERBIRD\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\Extensions -> [2010.09.04 20:06:40 | 000,000,000 | ---D | M]
No name found   -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010.09.04 20:06:40 | 000,000,000 | ---D | M]
  -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\Firefox\Profiles\qcaul68r.default\extensions -> [2010.09.22 19:03:53 | 000,000,000 | ---D | M]
CookieSafe   -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Mozilla\Firefox\Profiles\qcaul68r.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} -> [2009.02.07 21:01:51 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Programme\Mozilla Firefox\extensions -> [2010.09.22 19:03:53 | 000,000,000 | ---D | M]
Java Console   -> C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} -> [2010.09.04 19:16:29 | 000,000,000 | ---D | M]
< HOSTS File > ([2010.09.03 19:05:08 | 000,000,027 | ---- | M | MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2004.12.14 09:56:50 | 000,063,136 | ---- | M | Unable to obtain MD5] (Adobe Systems Incorporated)
{5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Anmelde-Hilfsprogramm] -> [2009.01.22 16:41:30 | 000,408,448 | ---- | M | MD5 = B7899C3E21B299D7A3C0DA96CAE340BD] (Microsoft Corporation)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\Programme\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\Programme\Google\GoogleToolbar1.dll [&Google] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\Programme\Google\GoogleToolbar1.dll [&Google] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.)
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avgnt" -> C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> [2008.06.12 14:28:40 | 000,266,497 | ---- | M | MD5 = 6E812818306D460D62B4ABEA9FDC6679] (Avira GmbH)
"HPBootOp" -> C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2005.11.10 02:29:16 | 000,249,856 | ---- | M | MD5 = 42DCC44CF5FA41100D7A5BE01D866180] (Hewlett-Packard Company)
"HPHUPD08" -> c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [c:\Programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe] -> [2005.06.02 08:35:56 | 000,049,152 | ---- | M | MD5 = 4F113169A2DE985D043A5530987AD6D0] (Hewlett-Packard)
"Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005.07.22 23:14:00 | 000,237,568 | ---- | M | MD5 = F3EAEA279F09A7779C18793C87640794] ()
"SunJavaUpdateSched" -> C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe ["C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"] -> [2010.02.18 11:43:18 | 000,248,040 | ---- | M | MD5 = 52DB6CDAC5BC7A1FC884E97C41C91213] (Sun Microsystems, Inc.)
"TkBellExe" -> C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe ["C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot] -> [2010.09.04 19:01:23 | 000,202,256 | ---- | M | MD5 = 9ACE8ECDB1EBC519F48AA65DE5875573] (RealNetworks, Inc.)
< All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -> 
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Action Manager 32.lnk -> C:\Programme\ScannerU\AM32.exe -> [2003.11.26 22:43:50 | 000,069,632 | ---- | M | MD5 = C4666FCCC6C5CA3293793BC46BC19347] ()
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Gigaset WLAN Adapter Monitor.lnk -> C:\Programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe -> [2004.06.04 12:53:00 | 000,327,680 | ---- | M | MD5 = DB9CE9C2FBBA95533D5CFEA24F06B456] ()
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk -> C:\Programme\Microsoft Office\Office\OSA9.EXE -> [1999.02.17 23:05:56 | 000,065,588 | ---- | M | MD5 = 42C7AE295C038DCD406C38A535E33840] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart -> 
< HP_Besitzer - alt Startup Folder > -> C:\Dokumente und Einstellungen\HP_Besitzer - alt\Startmenü\Programme\Autostart -> 
< HP_Besitzer.NAME-CD5FDA878D Startup Folder > -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmenü\Programme\Autostart -> 
C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmenü\Programme\Autostart\Secunia PSI.lnk -> C:\Programme\Secunia\PSI\psi.exe -> [2010.07.21 13:43:54 | 000,965,176 | ---- | M | MD5 = E838BE73C6946B39705A376BF821B3B5] (Secunia)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Google-Suche -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.)
&Ins Deutsche übersetzen -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.)
Ähnliche Seiten -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.)
Im Cache gespeicherte Seite -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.)
Verweisseiten -> C:\Programme\Google\GoogleToolbar1.dll [res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html] -> [2005.01.01 21:09:10 | 001,172,992 | R--- | M | MD5 = 46D0C879DE65A1E607B95B65845727C6] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Hilfe zu Verbindungen] -> [2005.01.01 21:04:22 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Hilfe zu Verbindungen] -> [2005.01.01 21:04:22 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Hilfe zu Verbindungen] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Hilfe zu Verbindungen] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Hilfe zu Verbindungen] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> hxxp://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Java Plug-in 1.5.0_05] -> 
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab [Java Plug-in 1.6.0_20] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{74037B92-63E7-40CD-96A6-F0EF1D14DABA}\\DhcpNameServer -> 15.243.128.51 15.243.160.51   (Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2005.08.14 07:30:44 | 000,046,080 | ---- | M | MD5 = 92AF7C28C332C1AA1D9F1ED46CCEA7A2] (ATI Technologies Inc.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" -> C:\Programme\Windows Live\Messenger\wlcsdk.exe [C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009.02.06 19:21:00 | 000,583,024 | ---- | M | MD5 = 385806015ADB90796A529201DBFF15A5] (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Programme\Windows Live\Sync\WindowsLiveSync.exe [C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009.07.26 13:05:30 | 001,169,224 | ---- | M | MD5 = F12BC57A34FA372F85FB1B6A2FE8C4A3] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe [C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005.05.11 05:34:02 | 000,151,635 | ---- | M | MD5 = 6D6C0F58E648BDADDB9B19C25D66C5A4] (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Programme\HP\Digital Imaging\bin\hpoews01.exe [C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2005.06.03 18:06:04 | 000,057,344 | ---- | M | MD5 = B7DA04642686A2CD6EEB98075FE30389] (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe [C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2005.06.03 17:50:00 | 000,225,280 | ---- | M | MD5 = E57907B5BE8A377202F20C1B112BCC92] (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Programme\HP\Digital Imaging\bin\hposfx08.exe [C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2005.06.03 17:50:14 | 000,040,960 | ---- | M | MD5 = 371745D60E48B22A4119187C42B030F3] (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" -> C:\Programme\HP\Digital Imaging\bin\hposid01.exe [C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2005.06.03 17:45:46 | 000,081,920 | ---- | M | MD5 = 5D01C6843C5F863C915A0E168470A703] (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe [C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2005.06.03 18:12:34 | 000,172,032 | ---- | M | MD5 = 944705832CB725BE512AA0FC3D733A10] (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2005.06.03 17:51:06 | 000,458,752 | ---- | M | MD5 = 7C04BF2E66481DC21E47BB7EB6F34E0A] (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2005.09.16 08:34:18 | 000,733,184 | ---- | M | MD5 = 5E92E63936FC6662D484C8F6D8D866E0] ( )
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2005.09.16 08:29:38 | 000,421,888 | ---- | M | MD5 = 6F92CFB9EA89EFA0F2E6FAA54C47B0FF] ()
"C:\Programme\Mozilla Firefox\firefox.exe" -> C:\Programme\Mozilla Firefox\firefox.exe [C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2010.09.19 17:03:31 | 000,910,296 | ---- | M | MD5 = A26898623D61508C2FA3F5672C11FA5D] (Mozilla Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" -> C:\Programme\Windows Live\Messenger\wlcsdk.exe [C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009.02.06 19:21:00 | 000,583,024 | ---- | M | MD5 = 385806015ADB90796A529201DBFF15A5] (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Programme\Windows Live\Sync\WindowsLiveSync.exe [C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync] -> [2009.07.26 13:05:30 | 001,169,224 | ---- | M | MD5 = F12BC57A34FA372F85FB1B6A2FE8C4A3] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM-Laufwerktreiber -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004.11.02 20:05:56 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001.07.27 15:07:38 | 000,000,000 | -HS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> C:\Programme\Java\jre6\bin\regutils.dll [(default): Java (Sun); IsInstalled: 1] -> [2010.04.12 18:35:02 | 000,270,336 | ---- | M | MD5 = 82CD9719A11D9FEF7CA751DA31651158] (Sun Microsystems, Inc.)
{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error. [(default): Vektorgrafik-Rendering (VML); IsInstalled: 01 00 00 00  [binary data]] -> File not found
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] ->  [ComponentID: NetShow; IsInstalled: 1] -> 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] ->  [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> 
{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation; IsInstalled: 1] -> File not found
{2A3320D6-C805-4280-B423-B665BDE33D8F} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Security Update (KB979906); IsInstalled: 1] -> File not found
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> 
{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML-Datenbindung für Java; IsInstalled: 1] -> File not found
{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found
{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Uniscribe; IsInstalled: 1] -> File not found
{411EDCF7-755D-414E-A74B-3DCD6583F589} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Service Pack 1 (KB867460); IsInstalled: 1] -> File not found
{4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Erweitertes Authoring; IsInstalled: 1] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00  [binary data]] -> 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(default): DirectShow; IsInstalled: 1] -> File not found
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found
{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found
{4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation Java Classes; IsInstalled: 1] -> File not found
{4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.8; IsInstalled: 1] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] -> 
{5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [ComponentID: ICW; IsInstalled: 1] -> File not found
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Adressbuch 6; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop-Update; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> 
{8b15971b-5355-4c82-8c07-7e181ea07608} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser [(default): Fax; IsInstalled: 1] -> 
{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found
{94de52c8-2d59-4f1b-883e-79663d2d9a8c} [StubPath] ->  [(default): Fax Provider; IsInstalled: 1] -> 
{C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [(default): Taskplaner; IsInstalled: 1] -> File not found
{CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Key error. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00  [binary data]] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash.ocx [(default): Macromedia Shockwave Flash; IsInstalled: 01 00 00 00  [binary data]] -> [2003.12.08 22:01:58 | 000,933,888 | ---- | M | MD5 = F7E435D02F7A48120B746E33254A70BC] (Macromedia, Inc.)
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found
{E78BFA60-5393-4C38-82AB-E8019E464EB4} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00  [binary data]] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): Versions-Update für Internet Explorer; IsInstalled: 1] -> 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] -> 
>{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> 
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 1] -> 
< ActiveX StubPath [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{8b15971b-5355-4c82-8c07-7e181ea07608} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{94de52c8-2d59-4f1b-883e-79663d2d9a8c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
InitiallyClear [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 
7zFM.exe -> C:\Programme\7-Zip\7zFM.exe [C:\Programme\7-Zip\7zFM.exe] -> [2010.03.15 09:46:04 | 000,418,304 | ---- | M | MD5 = 880FBB9AD66CE0EF53D1DCD52060F284] (Igor Pavlov)
AcroRd32.exe -> C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe [C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe] -> [2004.12.14 12:44:30 | 000,065,536 | ---- | M | MD5 = 1412A6785B953D99A2A83A1ED706ACE8] (Adobe Systems Incorporated)
bckgzm.exe -> C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe [C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe] -> [2004.08.04 06:00:00 | 000,042,577 | ---- | M | MD5 = 201CA5901895B439557C945A73F213FD] (Microsoft Corporation)
ccleaner.exe -> C:\Programme\CCleaner\CCleaner.exe [C:\Programme\CCleaner\ccleaner.exe] -> [2010.08.26 21:23:34 | 001,779,512 | ---- | M | MD5 = D85E2174F92F4198451563B714CBB361] (Piriform Ltd)
chkrzm.exe -> C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe [C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe] -> [2004.08.04 06:00:00 | 000,042,575 | ---- | M | MD5 = 5CB19E77D8D7EDE3F803B52D3C8CDE16] (Microsoft Corporation)
combofix.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe [C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe] -> [2010.09.20 22:40:41 | 003,847,603 | R--- | M | MD5 = 3260BA081B03BF08B4A26F159CB9BC91] ()
CONF.EXE -> C:\Programme\NetMeeting\conf.exe [C:\Programme\NetMeeting\conf.exe] -> [2008.04.14 04:22:39 | 001,040,384 | ---- | M | MD5 = D52FA0554CC9A767299710BBE7454A35] (Microsoft Corporation)
dialer.exe -> C:\Programme\Windows NT\dialer.exe [C:\Programme\Windows NT\dialer.exe] -> [2008.04.14 04:22:42 | 000,545,280 | ---- | M | MD5 = 32540B63C37A6592E0FEB8AE598154A7] (Microsoft Corporation)
DVDPlay.exe -> C:\Programme\HP\DVDPlay\DVDPlay.exe [C:\Programme\HP\DVDPlay\DVDPlay.exe] -> [2006.01.02 21:26:20 | 000,057,344 | ---- | M | MD5 = F7DC4D27716543BA0FC4B65E2CCA9DB4] (CyberLink Corp.)
Excel.exe -> C:\Programme\Microsoft Office\Office\EXCEL.EXE [C:\PROGRA~1\MICROS~3\Office\EXCEL.EXE] -> [1999.03.21 02:54:56 | 007,151,661 | R--- | M | MD5 = 3EE0A49D97B1EF4F5EEDA3EE744DD943] (Microsoft Corporation)
frontpg.exe -> C:\Programme\Microsoft Office\Office\FRONTPG.EXE [C:\PROGRA~1\MICROS~3\Office\FRONTPG.EXE] -> [1999.03.20 08:06:38 | 001,990,730 | R--- | M | MD5 = CC53621D56155E5F3FDF6D3694DCEA36] (Microsoft Corporation)
HELPCTR.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [%Systemroot%\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2008.04.14 04:22:47 | 000,769,024 | ---- | M | MD5 = B63C804F5777FB0694D083F321ED6071] (Microsoft Corporation)
HpqApkil.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe [c:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe] -> [2005.09.16 08:33:56 | 000,049,664 | ---- | M | MD5 = FCA335BF8AE66C76E2F6F453C9AE4F66] ()
HpqDIA.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe [c:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe] -> [2005.09.16 08:34:18 | 000,733,184 | ---- | M | MD5 = 5E92E63936FC6662D484C8F6D8D866E0] ( )
HpqDIAS.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqDIAS.exe [c:\Programme\HP\Digital Imaging\Unload\HpqDIAS.exe] -> [2005.09.16 08:34:18 | 000,339,968 | ---- | M | MD5 = BAAF254642ECADBE0031C3605DE8079F] ( )
hpqimzone.exe -> c:\Programme\HP\Digital Imaging\bin\hpqimzone.exe [c:\Programme\HP\Digital Imaging\bin\hpqimzone.exe] -> [2005.09.24 08:42:32 | 000,475,136 | ---- | M | MD5 = 6C56CF33C2C6236A1162FDFC0BECD042] (Hewlett-Packard Development Company, L.P.)
HpqPhUnl.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe [c:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe] -> [2005.09.16 08:29:38 | 000,421,888 | ---- | M | MD5 = 6F92CFB9EA89EFA0F2E6FAA54C47B0FF] ()
HpqPSmon.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe [c:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe] -> [2005.09.16 08:34:18 | 000,114,688 | ---- | M | MD5 = 739062F4603EC965403F5A9F201EAEFF] ()
hpqthb08.exe -> c:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [c:\Programme\HP\Digital Imaging\bin\hpqthb08.exe] -> [2005.09.24 09:39:30 | 000,073,728 | ---- | M | MD5 = B2DDFF1F7FF31E8103DC221772353417] (Hewlett-Packard Development Company, L.P.)
HpqUnSet.exe -> c:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe [c:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe] -> [2005.09.16 08:29:38 | 000,057,344 | ---- | M | MD5 = E30D5B7E0C707E385CC706946B629825] (TODO: <Company name>)
hpquph.exe -> c:\Programme\HP\Digital Imaging\bin\hpquph.exe [c:\Programme\HP\Digital Imaging\bin\hpquph.exe] -> [2005.09.24 08:43:04 | 000,024,576 | ---- | M | MD5 = 51F697C62C238B123A5B4D1110E828CD] (Hewlett-Packard Development Company, L.P.)
hpqvpswp.exe -> c:\Programme\HP\Digital Imaging\bin\hpqvpswp.exe [c:\Programme\HP\Digital Imaging\bin\hpqvpswp.exe] -> [2005.09.19 17:21:06 | 000,204,800 | ---- | M | MD5 = BC08FB2BA355559D463F3DA9FF5604E5] (Hewlett-Packard)
HPSdpApp.exe -> C:\Programme\Hewlett-Packard\SDP\HPSdpApp.exe [C:\Programme\Hewlett-Packard\SDP\HPSdpApp.exe] -> [2005.09.08 20:23:00 | 000,843,858 | ---- | M | MD5 = A81EC81450D5176701D804F235483F31] (Hewlett-Packard)
hrtzzm.exe -> C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2004.08.04 06:00:00 | 000,042,573 | ---- | M | MD5 = 3889F32864A1BCB40B52BAB8DAE7CD79] (Microsoft Corporation)
hypertrm.exe -> C:\Programme\Windows NT\hypertrm.exe ["C:\Programme\Windows NT\hypertrm.exe"] -> [2004.08.04 06:00:00 | 000,028,160 | ---- | M | MD5 = 8430D122A2889AEF9F2783B70A1312F0] (Hilgraeve, Inc.)
ICWCONN1.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2008.04.14 04:22:48 | 000,218,624 | ---- | M | MD5 = 2E7A34FE32391BE7E355CF2112CBFDA2] (Microsoft Corporation)
ICWCONN2.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2008.04.14 04:22:48 | 000,086,016 | ---- | M | MD5 = BF8908D9736640CD2B568C360AABAAAD] (Microsoft Corporation)
INETWIZ.EXE -> C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE ["C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2008.04.14 04:22:49 | 000,020,480 | ---- | M | MD5 = B0C09CCBD188660FBEC6780638F7D430] (Microsoft Corporation)
install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
ISIGNUP.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2004.08.04 06:00:00 | 000,016,384 | ---- | M | MD5 = F692F7AAA0A5C08D7C86E9EB799D4FE8] (Microsoft Corporation)
ISPSignup.exe -> C:\Programme\Hewlett-Packard\SDP\BTBHost.exe [C:\Programme\Hewlett-Packard\SDP\BTBHost.exe] -> [2005.09.21 19:48:10 | 000,077,824 | ---- | M | MD5 = B272D7A9DC2C6FAC48FC4F97D7A1E0C8] (Hewlett Packard)
javaws.exe -> C:\Programme\Java\jre6\bin\javaws.exe [C:\Programme\Java\jre6\bin\javaws.exe] -> [2010.09.04 19:16:12 | 000,153,376 | ---- | M | MD5 = 9D452D6B1ED99F88C327349A644EB3A2] (Sun Microsystems, Inc.)
mbam.exe -> C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [C:\Programme\Malwarebytes' Anti-Malware\mbam.exe] -> [2010.04.29 12:19:18 | 001,090,952 | ---- | M | MD5 = 47EA3CF0F509480554A058C6D7641ED0] (Malwarebytes Corporation)
MediaHub.exe -> c:\Programme\Gemeinsame Dateien\Sonic Shared\Sonic Central\Main\Mediahub.exe [c:\Programme\Gemeinsame Dateien\Sonic Shared\Sonic Central\Main\Mediahub.exe] -> [2005.10.17 10:04:00 | 002,310,144 | ---- | M | MD5 = BE363FBE5177ED629E5A8A5932AC0DCE] ()
migwiz.exe -> C:\WINDOWS\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2008.04.14 04:22:51 | 000,252,416 | ---- | M | MD5 = A85632ECE7174A730217BEA3B18FAE76] (Microsoft Corporation)
moviemk.exe -> C:\Programme\Movie Maker\moviemk.exe [C:\Programme\Movie Maker\moviemk.exe] -> [2010.06.18 15:36:12 | 003,558,912 | ---- | M | MD5 = B66621D7360044D3645C0AC059CF60B2] (Microsoft Corporation)
mplayer2.exe -> C:\Programme\Windows Media Player\mplayer2.exe ["C:\Programme\Windows Media Player\mplayer2.exe"] -> [2008.04.14 04:22:53 | 000,004,639 | ---- | M | MD5 = 74454AD03540B9E8B9C39563A4F10FB7] (Microsoft Corporation)
MSACCESS.EXE -> C:\Programme\Microsoft Office\Office\MSACCESS.EXE [C:\PROGRA~1\MICROS~3\Office\MSACCESS.EXE] -> [1999.03.21 02:50:40 | 004,677,686 | R--- | M | MD5 = 17F05C1F4AA034497111C5CFD6191B7C] (Microsoft Corporation)
MSCONFIG.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [%systemroot%\pchealth\helpctr\Binaries\MSCONFIG.EXE] -> [2008.04.14 04:22:53 | 000,172,544 | ---- | M | MD5 = 07224089294758E956FA1DBCBF51B801] (Microsoft Corporation)
msimn.exe -> C:\Programme\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2008.04.14 04:22:53 | 000,060,416 | ---- | M | MD5 = 426DC783E4E718B9F38A4C31436154FA] (Microsoft Corporation)
msinfo32.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\msinfo32.exe [C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2004.08.04 06:00:00 | 000,040,448 | ---- | M | MD5 = 7A4FB4C5ABEB89628D69AEC1BFD68449] (Microsoft Corporation)
MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
msworks.exe -> c:\Programme\Microsoft Works\MSWorks.exe [c:\Programme\Microsoft Works\msworks.exe] -> [2004.07.28 16:03:34 | 000,532,480 | ---- | M | MD5 = 1C7C474A0710CA9063B5253EDCD2A204] (Microsoft® Corporation)
MyDVD.exe -> c:\Programme\Sonic\MyDVD\MyDVD.EXE [c:\Programme\Sonic\MyDVD\MyDVD.EXE] -> [2005.12.09 14:14:00 | 023,818,240 | ---- | M | MD5 = 510B58ED005DF058DC41DA3DD1E2A866] (Sonic Solutions)
OUTLOOK.EXE -> C:\Programme\Microsoft Office\Office\OUTLOOK.EXE [C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE] -> [1998.12.17 00:09:20 | 000,057,393 | R--- | M | MD5 = F8604A5042F145364A214B4A7DAF1D94] (Microsoft Corporation)
pbrush.exe -> C:\WINDOWS\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2009.12.17 09:40:01 | 000,346,624 | ---- | M | MD5 = 8B9D6800D0CAC42132CD1573A13CFE7B] (Microsoft Corporation)
pcdr5cuiw32.exe -> C:\Programme\PC-Doctor 5 for Windows\pcdr5cuiw32.exe [C:\Programme\PC-Doctor 5 for Windows\pcdr5cuiw32.exe] -> [2005.11.19 11:01:14 | 016,677,888 | ---- | M | MD5 = 81773630D3408A763B3CE982A6084769] ()
PictureViewer.exe -> C:\Programme\QuickTime\PictureViewer.exe [C:\Programme\QuickTime\PictureViewer.exe] -> [2010.08.10 05:15:50 | 000,557,056 | ---- | M | MD5 = 221AB0EADA3913C0CF5C6B04031F64BF] (Apple Inc.)
pinball.exe -> C:\Programme\Windows NT\Pinball\pinball.exe [C:\Programme\Windows NT\Pinball\pinball.exe] -> [2008.04.14 04:22:57 | 000,282,624 | ---- | M | MD5 = 97738A3B0AC3CD5C52BB350CBEEC2F23] (Cinematronics)
PowerPnt.exe -> C:\Programme\Microsoft Office\Office\POWERPNT.EXE [C:\PROGRA~1\MICROS~3\Office\POWERPNT.EXE] -> [1999.03.17 06:41:22 | 004,325,428 | R--- | M | MD5 = 90C4974BBC3C08EB3560CD806B36756C] ()
Python.exe -> C:\Python22\python.exe [C:\Python22\Python.exe] -> [2003.05.31 02:13:56 | 000,020,526 | ---- | M | MD5 = 463004315F9915A4C7FB49B811D30DBC] ()
QuickTimePlayer.exe -> C:\Programme\QuickTime\QuickTimePlayer.exe [C:\Programme\QuickTime\QuickTimePlayer.exe] -> [2010.08.10 05:34:20 | 001,234,224 | ---- | M | MD5 = 52AD7369AEDC888F3546A6F05ED206E2] (Apple Inc.)
RealConverter.exe -> c:\Programme\Real\RealPlayer\converter\RealConverter.exe [c:\programme\real\realplayer\converter\RealConverter.exe] -> [2010.09.04 19:01:46 | 000,378,376 | ---- | M | MD5 = F9C9BE5D11BFEBA34DADFFEC38B0AA29] (RealNetworks, Inc.)
RealPlay.exe -> c:\Programme\Real\RealPlayer\realplay.exe [c:\programme\real\realplayer\realplay.exe] -> [2010.09.04 19:01:25 | 000,488,968 | ---- | M | MD5 = A28269B85A0E006E02CB1144F99921A2] (RealNetworks, Inc.)
RealUpgrade.exe -> C:\Programme\Real\RealUpgrade\realupgrade.exe [C:\Programme\Real\RealUpgrade\RealUpgrade.exe] -> [2010.06.03 03:02:42 | 000,173,576 | ---- | M | MD5 = 2C1A1F91D3288E7C02B584C2553967B6] (RealNetworks, Inc.)
rnxproc.exe -> C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnxproc.exe [C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnxproc.exe] -> [2010.09.04 19:01:23 | 000,058,920 | ---- | M | MD5 = 9C4CC66BA41BD0DA4197C2E996EDBF7A] (RealNetworks, Inc.)
rvsezm.exe -> C:\Programme\MSN Gaming Zone\Windows\Rvsezm.exe [C:\Programme\MSN Gaming Zone\Windows\rvsezm.exe] -> [2004.08.04 06:00:00 | 000,042,574 | ---- | M | MD5 = 155494D43CEDCCF40760ACB148A303E3] (Microsoft Corporation)
shvlzm.exe -> C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe [C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe] -> [2004.08.04 06:00:00 | 000,042,573 | ---- | M | MD5 = 0C06802AE1870C4143021803079FCC99] (Microsoft Corporation)
SLOW-PCfighter.exe -> C:\Programme\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [C:\Programme\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe] -> [2010.07.27 11:01:02 | 011,537,032 | ---- | M | MD5 = 643BEC626C85E568F93ADA80DF30C514] (SLOW-PCfighter)
table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
thunderbird.exe -> C:\Programme\Mozilla Thunderbird\thunderbird.exe [C:\Programme\Mozilla Thunderbird\thunderbird.exe] -> [2010.09.04 20:24:06 | 012,746,928 | ---- | M | MD5 = 21AF0248F9927B64F851DF31B2EC2BF9] (Mozilla Messaging)
Unlocker.exe -> C:\Programme\Unlocker\Unlocker.exe [C:\Programme\Unlocker\Unlocker.exe] -> [2010.07.04 23:48:58 | 000,094,208 | ---- | M | MD5 = 51DFAF518ABE1B24AA409CEF12D7D0AB] ()
wab.exe -> C:\Programme\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2008.04.14 04:23:04 | 000,046,080 | ---- | M | MD5 = 72AD946DD359A5E3C69B90205007230B] (Microsoft Corporation)
wabmig.exe -> C:\Programme\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008.04.14 04:23:04 | 000,030,208 | ---- | M | MD5 = 06526C5E456F78B90593CEC8D4C955E8] (Microsoft Corporation)
winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Winword.exe -> C:\Programme\Microsoft Office\Office\WINWORD.EXE [C:\PROGRA~1\MICROS~3\Office\WINWORD.EXE] -> [1999.04.23 23:45:44 | 008,441,907 | R--- | M | MD5 = 5B7CDCCA708BB61874AC3C51DA441D61] (Microsoft Corporation)
WKPLMSTP.EXE -> c:\Programme\Microsoft Works\wkplmstp.exe [c:\Programme\Microsoft Works\wkplmstp.exe] -> [2004.07.28 17:03:36 | 000,033,792 | ---- | M | MD5 = 2EFC1AE6CB938181222926BE0D588AE3] (Microsoft Corporation)
WKSAB.EXE -> c:\Programme\Microsoft Works\wksab.exe [c:\Programme\Microsoft Works\WKSAB.exe] -> [2004.07.12 02:55:26 | 000,006,656 | ---- | M | MD5 = 39644500D64078304B74607F5309CA3D] (Microsoft® Corporation)
wkscal.exe -> c:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WksCal.exe [c:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkscal.exe] -> [2004.07.28 17:03:38 | 000,110,592 | ---- | M | MD5 = B2066A9161452D43EB479793DE65E22E] (Microsoft® Corporation)
wksdb.exe -> c:\Programme\Microsoft Works\wksdb.exe [c:\Programme\Microsoft Works\wksdb.exe] -> [2004.07.28 16:03:40 | 002,240,512 | ---- | M | MD5 = 97462D0EAA36ACF4C64A9E05E0A54687] (Microsoft® Corporation)
WKSSB.EXE -> c:\Programme\Microsoft Works\WksSb.exe [c:\Programme\Microsoft Works\WKSSB.exe] -> [2004.07.12 03:56:38 | 000,729,088 | ---- | M | MD5 = C4CC90AFA55E1101DC1CFEB54B9CA3AB] (Microsoft® Corporation)
wksss.exe -> c:\Programme\Microsoft Works\wksss.exe [c:\Programme\Microsoft Works\wksss.exe] -> [2004.07.28 16:03:42 | 001,892,352 | ---- | M | MD5 = 51CEC8718639850EBED3426D2DCCE707] (Microsoft® Corporation)
wkswp.exe -> c:\Programme\Microsoft Works\WksWP.exe [c:\Programme\Microsoft Works\wkswp.exe] -> [2004.07.28 16:03:42 | 000,114,688 | ---- | M | MD5 = 253992DF9179AD3B3C9A01C728447DFB] (Microsoft® Corporation)
WKWCESTP.EXE -> c:\Programme\Microsoft Works\wkwcestp.exe [c:\Programme\Microsoft Works\wkwcestp.exe] -> [2004.07.28 17:03:44 | 000,031,232 | ---- | M | MD5 = 369DCEFB68C2145B6A60BC1CF1D95696] ()
wlmail.exe -> C:\Programme\Windows Live\Mail\wlmail.exe [C:\Programme\Windows Live\Mail\wlmail.exe] -> [2009.07.26 17:44:14 | 000,112,464 | ---- | M | MD5 = CC9D6AC0B725CBA911E267F79660D15B] (Microsoft Corporation)
wmplayer.exe -> C:\Programme\Windows Media Player\wmplayer.exe [C:\Programme\Windows Media Player\wmplayer.exe] -> [2006.11.03 09:56:14 | 000,064,000 | ---- | M | MD5 = 3F65D5D0A00427D19B2D1461580E2777] (Microsoft Corporation)
WRITE.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21 23:13:26 | 000,217,600 | ---- | M | MD5 = A03F64E664CDD7D51F75321FF32D7B92] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> 
"{0006F045-0000-0000-C000-000000000046}" [HKLM] -> C:\Programme\Microsoft Office\Office\OLKFSTUB.DLL [Microsoft Outlook Custom Icon Handler] -> [1999.03.16 21:16:28 | 000,049,202 | ---- | M | MD5 = 00A119F4709CF5C63D4A26EB33E7C99F] (Microsoft Corporation)
"{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe [Windows Live Photo Gallery Viewer Drop Target] -> [2009.07.10 14:10:44 | 000,138,096 | ---- | M | MD5 = 3A4408F110F64AFD5F4DCF45F55255D7] (Microsoft Corporation)
"{00F30F90-3E96-453B-AFCD-D71989ECC2C7}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll [Windows Live Photo Gallery Autoplay Drop Target Shim] -> [2009.07.10 13:12:10 | 000,042,856 | ---- | M | MD5 = E6DF03D0274F72F42DCABB87821F869C] (Microsoft Corporation)
"{00F33137-EE26-412F-8D71-F84E4C2C6625}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll [] -> [2009.07.10 13:12:10 | 000,042,856 | ---- | M | MD5 = E6DF03D0274F72F42DCABB87821F869C] (Microsoft Corporation)
"{00F346CB-35A4-465B-8B8F-65A29DBAB1F6}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll [Windows Live Photo Gallery Viewer Drop Target Shim] -> [2009.07.10 13:12:10 | 000,042,856 | ---- | M | MD5 = E6DF03D0274F72F42DCABB87821F869C] (Microsoft Corporation)
"{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll [Windows Live Photo Gallery Editor Drop Target Shim] -> [2009.07.10 13:12:10 | 000,042,856 | ---- | M | MD5 = E6DF03D0274F72F42DCABB87821F869C] (Microsoft Corporation)
"{00F374B7-B390-4884-B372-2FC349F2172B}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe [Windows Live Photo Gallery Editor Drop Target] -> [2009.07.10 14:10:44 | 000,138,096 | ---- | M | MD5 = 3A4408F110F64AFD5F4DCF45F55255D7] (Microsoft Corporation)
"{0563DB41-F538-4B37-A92D-4659049B7766}" [HKLM] -> C:\Programme\Windows Live\Mail\mailcomm.dll [WLMD Message Handler] -> [2009.07.26 17:44:48 | 000,789,824 | ---- | M | MD5 = 021E1FA87DAB47ACE09F900B00074774] (Microsoft Corporation)
"{06A2568A-CED6-4187-BB20-400B8C02BE5A}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [] -> [2009.07.10 13:12:00 | 000,230,256 | ---- | M | MD5 = 08BABBC59A813C24A4815ECD8DF881DF] (Microsoft Corporation)
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll [Microsoft Datenverknüpfung] -> [2008.04.14 04:22:23 | 000,487,424 | ---- | M | MD5 = 56330321BEF8767D8E952886EFD854E0] (Microsoft Corporation)
"{23170F69-40C1-278A-1000-000100020000}" [HKLM] -> C:\Programme\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [2010.03.15 09:45:30 | 000,054,784 | ---- | M | MD5 = 8F06CD13B068E47B8DFA6C71E17F14AF] (Igor Pavlov)
"{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C}" [HKLM] -> C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe [Windows Live Photo Gallery Autoplay Drop Target] -> [2009.07.10 14:10:44 | 000,138,096 | ---- | M | MD5 = 3A4408F110F64AFD5F4DCF45F55255D7] (Microsoft Corporation)
"{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Programme\Outlook Express\wabfind.dll [&Nach Personen...] -> [2008.04.14 04:22:32 | 000,032,768 | ---- | M | MD5 = 77CD31AAC4A19DC893E613893DB9AA91] (Microsoft Corporation)
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] ->  [CPL-Erweiterung für Anzeigeverschiebung] -> File not found
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] -> C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll [Shell Extension for Malware scanning] -> [2008.06.12 14:48:37 | 000,065,793 | ---- | M | MD5 = 09B3D3F6AD9744417574676E5A2836EE] (Avira GmbH)
"{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error. [Shellerweiterungen für die Dateikomprimierung] -> File not found
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" [HKLM] -> C:\WINDOWS\system32\ShellvRTF.dll [ShellViewRTF] -> [2005.06.03 23:29:30 | 000,237,568 | ---- | M | MD5 = B309190CEDF4A4E60865787DDE826901] (XSS)
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error. [Kontextmenü für die Verschlüsselung] -> File not found
"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> C:\WINDOWS\system32\hticons.dll [Erweiterung für HyperTerminal-Icons] -> [2004.08.04 06:00:00 | 000,044,544 | ---- | M | MD5 = A0273EDC903D503BE8747A1DB6928879] (Hilgraeve, Inc.)
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" [HKLM] -> C:\Programme\Unlocker\UnlockerCOM.dll [UnlockerShellExtension] -> [2010.07.04 23:32:38 | 000,010,752 | ---- | M | MD5 = 49B6AF547ED4BA1FB07BF6F384FDA841] ()
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" [HKLM] -> c:\Programme\Real\RealPlayer\rpshell.dll [Shell Extensions for RealOne Player] -> [2010.09.04 19:01:59 | 000,063,016 | ---- | M | MD5 = 0740ABDF0265BA0260D52FE88DCB9067] (RealNetworks, Inc.)
< Approved Shell Extensions [HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\] > -> HKEY_USERS\S-1-5-21-3851759823-1197635777-2726854231-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ -> 
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Webordner] -> [2001.05.19 22:57:40 | 000,561,209 | ---- | M | MD5 = 69F2733298C69CBE2AB585D245659A9B] ()
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008.04.14 04:23:07 | 000,199,680 | ---- | M | MD5 = 793600E335B7D7936FCBE9EB38BA3E0B] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010.01.29 16:43:35 | 000,307,260 | ---- | M | MD5 = BBD34DCBCEC28E415F634E03C0AB4DF4] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.siren" -> C:\WINDOWS\System32\sirenacm.dll [sirenacm.dll] -> [2009.07.26 17:44:56 | 000,048,448 | ---- | M | MD5 = CF1C4265A73D50A1CE97FD308CE1AFC9] (Microsoft Corporation)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008.04.14 04:21:29 | 000,086,016 | ---- | M | MD5 = 07C878A1F49E5BD6677366664F68561D] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004.08.04 06:00:00 | 000,008,192 | ---- | M | MD5 = E5BECBCCE3AC3E8D594FCBE9A0338DF5] (DSP GROUP, INC.)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010.06.17 16:03:00 | 000,080,384 | ---- | M | MD5 = 4D3B436B8AD9947F902D40C5688BC3CD] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004.08.04 06:00:00 | 000,199,168 | ---- | M | MD5 = CF159355DE2C8B4633172353CC22ED89] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004.08.04 06:00:00 | 000,199,168 | ---- | M | MD5 = CF159355DE2C8B4633172353CC22ED89] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008.04.14 04:23:07 | 000,848,384 | ---- | M | MD5 = CADC53118EA7B95D1EA7EBB068871689] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008.04.14 04:22:12 | 000,755,200 | ---- | M | MD5 = E92343AC6AA48A062FE970FA9E5CCF23] (Intel Corporation)
"vidc.LEAD" -> C:\WINDOWS\System32\LCodcCMP.dll [LCODCCMP.DLL] -> [2002.04.24 20:42:18 | 000,364,544 | ---- | M | MD5 = 021C3E651ACDB0C71498259C208FCCAC] (LEAD Technologies, Inc.)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
AppMgmt -> C:\WINDOWS\System32\appmgmts.dll -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
Wmi -> C:\WINDOWS\System32\wmi.dll -> [2008.04.14 04:21:45 | 000,005,632 | ---- | M | MD5 = 43AD9160D7AF6E7EAD00B485EBBAB6A5] (Microsoft Corporation)
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
 
[Files/Folders - Created Within 30 Days]
 xmldm -> C:\WINDOWS\System32\xmldm -> [2010.09.22 21:12:08 | 000,000,000 | ---D | C]
 OTS.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTS.exe -> [2010.09.22 20:54:15 | 000,641,536 | ---- | C | MD5 = 9A719DC92BA73362621B65ABE6B0289D] (OldTimer Tools)
 Recent -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Recent -> [2010.09.21 19:36:26 | 000,000,000 | RH-D | C]
 RECYCLER -> C:\RECYCLER -> [2010.09.21 19:30:36 | 000,000,000 | -HSD | C]
 remover.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\remover.exe -> [2010.09.16 19:45:13 | 000,083,968 | ---- | C | MD5 = FFD9CEF70883E655ED1913CFC5C97C44] (eSage Lab)
 7-Zip -> C:\Programme\7-Zip -> [2010.09.12 16:59:47 | 000,000,000 | ---D | C]
 Apple Computer -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Apple Computer -> [2010.09.05 18:06:34 | 000,000,000 | ---D | C]
 AVZ -> C:\AVZ -> [2010.09.05 17:47:20 | 000,000,000 | ---D | C]
 TDSSKiller.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\TDSSKiller.exe -> [2010.09.05 16:42:34 | 001,286,232 | ---- | C | MD5 = 5A692AC2F0D4B8FF73FC961F45CC9525] (Kaspersky Lab ZAO)
 Secunia -> C:\Programme\Secunia -> [2010.09.04 19:41:53 | 000,000,000 | ---D | C]
 Sun -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun -> [2010.09.04 19:16:46 | 000,000,000 | ---D | C]
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010.09.04 19:16:27 | 000,411,368 | ---- | C | MD5 = B8F7C6CA5F8E97249853DBE1DADD1FBC] (Sun Microsystems, Inc.)
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010.09.04 19:16:27 | 000,153,376 | ---- | C | MD5 = 9D452D6B1ED99F88C327349A644EB3A2] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010.09.04 19:16:27 | 000,145,184 | ---- | C | MD5 = 4E8CC8BDEBED5AD93539612D4D316FDF] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2010.09.04 19:16:27 | 000,145,184 | ---- | C | MD5 = 43F7CA0473BB0FC9DD44ECF328B8D1FA] (Sun Microsystems, Inc.)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010.09.04 19:16:27 | 000,073,728 | ---- | C | MD5 = 9DCF2BC541E53345C89F62C1A4621486] (Sun Microsystems, Inc.)
 rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2010.09.04 19:02:06 | 000,185,920 | ---- | C | MD5 = 1943C53C625732DEEC2A798CC619EC08] (RealNetworks, Inc.)
 pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2010.09.04 19:01:57 | 000,006,656 | ---- | C | MD5 = 33833B3EDA1B07EBD367FA9B38B23E60] (RealNetworks, Inc.)
 pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2010.09.04 19:01:57 | 000,005,632 | ---- | C | MD5 = B74E422BC81236042529DC8A42A18423] (RealNetworks, Inc.)
 xing shared -> C:\Programme\Gemeinsame Dateien\xing shared -> [2010.09.04 19:01:48 | 000,000,000 | ---D | C]
 Real -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real -> [2010.09.04 19:00:46 | 000,000,000 | ---D | C]
 Apple -> C:\Programme\Gemeinsame Dateien\Apple -> [2010.09.04 18:51:03 | 000,000,000 | ---D | C]
 Apple -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Apple -> [2010.09.04 18:50:46 | 000,000,000 | ---D | C]
 Apple Computer -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Apple Computer -> [2010.09.04 18:49:51 | 000,000,000 | ---D | C]
 CCleaner -> C:\Programme\CCleaner -> [2010.09.04 18:19:47 | 000,000,000 | ---D | C]
 OTL.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTL.exe -> [2010.08.31 23:41:20 | 000,574,976 | ---- | C | MD5 = 8C3A7CAD1EFAF032734509A37A0C9022] (OldTimer Tools)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010.08.30 22:59:21 | 000,212,480 | ---- | C | MD5 = B1A9CF0B6F80611D31987C247EC630B4] (SteelWerX)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010.08.30 22:59:21 | 000,161,792 | ---- | C | MD5 = 01D95A1F8CF13D07CC564AABB36BCC0B] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010.08.30 22:59:21 | 000,136,704 | ---- | C | MD5 = B7517DB073B28F5696A1E5528ABEB5D0] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010.08.30 22:59:21 | 000,031,232 | ---- | C | MD5 = AE72E8619CB31D84DA25E2435E55003C] (NirSoft)
 ERDNT -> C:\WINDOWS\ERDNT -> [2010.08.30 22:59:15 | 000,000,000 | ---D | C]
 Combo-Fix -> C:\Combo-Fix -> [2010.08.30 22:59:13 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2010.08.30 22:58:30 | 000,000,000 | ---D | C]
 Malwarebytes -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes -> [2010.08.29 20:11:09 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010.08.29 20:10:52 | 000,038,224 | ---- | C | MD5 = 7364D8A830F91C487F430A57FDBD2BBB] (Malwarebytes Corporation)
 Malwarebytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes -> [2010.08.29 20:10:49 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010.08.29 20:10:48 | 000,020,952 | ---- | C | MD5 = A02C631493AB553A1112A6B699FE61B3] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Programme\Malwarebytes' Anti-Malware -> [2010.08.29 20:10:48 | 000,000,000 | ---D | C]
 RandFont.dll -> C:\WINDOWS\Fonts\RandFont.dll -> [2005.09.24 08:49:16 | 000,012,288 | ---- | C | MD5 = BCE1F66D076ACBBB7D67DDA6656ECF06] (Hewlett-Packard Development Company, L.P.)
 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 hpsysdrv.dat -> C:\WINDOWS\System\hpsysdrv.dat -> [2010.09.22 21:13:56 | 000,000,248 | ---- | M | MD5 = A8A0FA4227DBF6432A73F308EA22F10C] ()
 RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> [2010.09.22 21:09:39 | 000,000,282 | ---- | M | MD5 = 43593C5F784877D5240DA821E1584A71] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010.09.22 21:09:30 | 000,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010.09.22 21:09:29 | 000,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010.09.22 21:09:26 | 468,242,432 | -HS- | M | Unable to obtain MD5] ()
 NTUSER.DAT -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\NTUSER.DAT -> [2010.09.22 21:08:31 | 004,194,304 | -H-- | M | Unable to obtain MD5] ()
 ntuser.ini -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\ntuser.ini -> [2010.09.22 21:08:31 | 000,000,190 | -HS- | M | MD5 = 3437668D99DBC2C3B952F11649E2AD49] ()
 OTS.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTS.exe -> [2010.09.22 20:54:30 | 000,641,536 | ---- | M | MD5 = 9A719DC92BA73362621B65ABE6B0289D] (OldTimer Tools)
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010.09.21 21:02:56 | 000,084,480 | ---- | M | MD5 = 63F9DC8DDA58E88968A3E85531AD4E83] ()
 system.ini -> C:\WINDOWS\system.ini -> [2010.09.20 22:57:04 | 000,000,227 | ---- | M | MD5 = C9DD76D0EF94637C77FF8CA5E0FB0684] ()
 Combo-Fix.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe -> [2010.09.20 22:40:41 | 003,847,603 | R--- | M | MD5 = 3260BA081B03BF08B4A26F159CB9BC91] ()
 avenger.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\avenger.exe -> [2010.09.19 22:10:39 | 000,731,136 | ---- | M | MD5 = 30F3680E007D924960FD65524DE36601] ()
 RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> [2010.09.18 19:03:02 | 000,000,290 | ---- | M | MD5 = 3876281B4AEE43D319A9FCC1BEC7CDED] ()
 IconCache.db -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\IconCache.db -> [2010.09.16 21:47:41 | 003,915,828 | -H-- | M | MD5 = E2AEB81F36A947F158C926053B966478] ()
 bootk3.zip -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk3.zip -> [2010.09.16 20:00:08 | 000,083,410 | ---- | M | MD5 = 9D871978F9CBA964E41B6C3E49072BF5] ()
 bootk3.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk3.doc -> [2010.09.16 19:58:12 | 000,105,984 | ---- | M | MD5 = 20F217F13DCE1D850D221EE2563E215E] ()
 bootk2.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk2.doc -> [2010.09.16 19:55:47 | 000,137,728 | ---- | M | MD5 = 34E1C6607CE0BA7C2283F7A83B21F59B] ()
 bootk1.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk1.doc -> [2010.09.16 19:54:59 | 000,105,984 | ---- | M | MD5 = 4A0960DB391193A4D89B5685B899C153] ()
 bootkit_remover.rar -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\bootkit_remover.rar -> [2010.09.16 19:44:00 | 000,040,422 | ---- | M | MD5 = 85F808F47B9B62957259FEF5B9D3811F] ()
 bootkit.zip -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootkit.zip -> [2010.09.15 23:49:53 | 000,083,401 | ---- | M | MD5 = D002A113EA94AE1F0BA905B591753F38] ()
 bootkit.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootkit.doc -> [2010.09.15 23:46:08 | 000,116,224 | ---- | M | MD5 = 20D8038A448469195ED03E382C7934A9] ()
 MBRCheck.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\MBRCheck.exe -> [2010.09.15 22:00:29 | 000,080,384 | ---- | M | MD5 = CB2D120A4B72422A8141192831B1F500] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010.09.13 18:40:54 | 000,001,158 | ---- | M | MD5 = 90C07AAC1F3EE3BA24C37876D79A4574] ()
 Results of system analysis.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\Results of system analysis.doc -> [2010.09.12 17:21:39 | 000,572,928 | ---- | M | MD5 = 35669E8EAC1B4D140EDCC31A747D5955] ()
 betti.JPG -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\betti.JPG -> [2010.09.07 21:55:08 | 000,010,071 | ---- | M | MD5 = 312AE49CD3BFAAC048CBB7AF7D941D77] ()
 RKUnhookerLE.EXE -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\RKUnhookerLE.EXE -> [2010.09.05 17:07:01 | 000,133,632 | ---- | M | MD5 = 271EAD1D88F23C65AF7F0D3B0596D46F] ()
 Secunia PSI.lnk -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmenü\Programme\Autostart\Secunia PSI.lnk -> [2010.09.04 19:43:23 | 000,000,711 | ---- | M | MD5 = 21B0F425A2D14CEF98E031C58B6D91AA] ()
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010.09.04 19:16:12 | 000,153,376 | ---- | M | MD5 = 9D452D6B1ED99F88C327349A644EB3A2] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010.09.04 19:16:12 | 000,145,184 | ---- | M | MD5 = 4E8CC8BDEBED5AD93539612D4D316FDF] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2010.09.04 19:16:12 | 000,145,184 | ---- | M | MD5 = 43F7CA0473BB0FC9DD44ECF328B8D1FA] (Sun Microsystems, Inc.)
 javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010.09.04 19:16:12 | 000,073,728 | ---- | M | MD5 = 9DCF2BC541E53345C89F62C1A4621486] (Sun Microsystems, Inc.)
 deployJava1.dll -> C:\WINDOWS\System32\deployJava1.dll -> [2010.09.04 19:16:11 | 000,411,368 | ---- | M | MD5 = B8F7C6CA5F8E97249853DBE1DADD1FBC] (Sun Microsystems, Inc.)
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010.09.04 19:15:46 | 000,902,476 | ---- | M | MD5 = 25DB18BEC5B8CD370CB4D39CF9DD499D] ()
 perfh007.dat -> C:\WINDOWS\System32\perfh007.dat -> [2010.09.04 19:15:46 | 000,392,842 | ---- | M | MD5 = F384401903BE48797EC4D95327156ACF] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010.09.04 19:15:46 | 000,381,828 | ---- | M | MD5 = A18A182A6112897DFFE837E3F04AE4DD] ()
 perfc007.dat -> C:\WINDOWS\System32\perfc007.dat -> [2010.09.04 19:15:46 | 000,064,650 | ---- | M | MD5 = 2639A1174617702AB7368B155362A691] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010.09.04 19:15:46 | 000,053,572 | ---- | M | MD5 = DB540EB561C4EDEC5FE3ED48FD31796D] ()
 cc_20100904_191209.reg -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\cc_20100904_191209.reg -> [2010.09.04 19:12:34 | 000,008,540 | ---- | M | MD5 = CFF1255DE59234E57279C1A3DFBDBB7E] ()
 rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2010.09.04 19:02:06 | 000,185,920 | ---- | M | MD5 = 1943C53C625732DEEC2A798CC619EC08] (RealNetworks, Inc.)
 pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2010.09.04 19:01:57 | 000,006,656 | ---- | M | MD5 = 33833B3EDA1B07EBD367FA9B38B23E60] (RealNetworks, Inc.)
 pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2010.09.04 19:01:57 | 000,005,632 | ---- | M | MD5 = B74E422BC81236042529DC8A42A18423] (RealNetworks, Inc.)
 pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2010.09.04 19:01:24 | 000,278,528 | ---- | M | MD5 = 13001EB0A58B4DE96126B16AB15FD8CC] (Real Networks, Inc)
 Mozilla Thunderbird.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk -> [2010.09.04 18:56:27 | 000,001,643 | ---- | M | MD5 = 393549BF03154295A4A5EB57C7403F4B] ()
 CCleaner.lnk -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\CCleaner.lnk -> [2010.09.04 18:19:50 | 000,000,665 | ---- | M | MD5 = 74DDA3EEE796B907F6080EE33E6C3E44] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010.09.03 19:05:08 | 000,000,027 | ---- | M | MD5 = 6A4029CFF35FD4BA34C001C1ED5D9945] ()
 TDSSKiller.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\TDSSKiller.exe -> [2010.09.03 10:27:00 | 001,286,232 | ---- | M | MD5 = 5A692AC2F0D4B8FF73FC961F45CC9525] (Kaspersky Lab ZAO)
 remover.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\remover.exe -> [2010.09.01 15:33:49 | 000,083,968 | ---- | M | MD5 = FFD9CEF70883E655ED1913CFC5C97C44] (eSage Lab)
 OTL.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\OTL.exe -> [2010.08.31 23:41:25 | 000,574,976 | ---- | M | MD5 = 8C3A7CAD1EFAF032734509A37A0C9022] (OldTimer Tools)
 ComboFix 10.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\ComboFix 10.doc -> [2010.08.31 23:33:46 | 000,118,784 | ---- | M | MD5 = 3BE12C511DFCFB6189B9F49BEFD2D2EC] ()
 defogger_reenable -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\defogger_reenable -> [2010.08.30 19:39:16 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 GMER 1.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\GMER 1.doc -> [2010.08.28 20:07:43 | 000,028,160 | ---- | M | MD5 = E4F2821BE6A1C57B39F6C7995F346FC8] ()
 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 6 C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\temp\*.tmp files -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\temp\*.tmp -> 
 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 
[Files - No Company Name]
 Combo-Fix.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe -> [2010.09.20 22:34:19 | 003,847,603 | R--- | C | MD5 = 3260BA081B03BF08B4A26F159CB9BC91] ()
 avenger.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\avenger.exe -> [2010.09.19 22:10:28 | 000,731,136 | ---- | C | MD5 = 30F3680E007D924960FD65524DE36601] ()
 IconCache.db -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\IconCache.db -> [2010.09.16 21:47:41 | 003,915,828 | -H-- | C | MD5 = E2AEB81F36A947F158C926053B966478] ()
 bootk3.zip -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk3.zip -> [2010.09.16 20:00:08 | 000,083,410 | ---- | C | MD5 = 9D871978F9CBA964E41B6C3E49072BF5] ()
 bootk3.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk3.doc -> [2010.09.16 19:58:12 | 000,105,984 | ---- | C | MD5 = 20F217F13DCE1D850D221EE2563E215E] ()
 bootk2.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk2.doc -> [2010.09.16 19:55:47 | 000,137,728 | ---- | C | MD5 = 34E1C6607CE0BA7C2283F7A83B21F59B] ()
 bootk1.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootk1.doc -> [2010.09.16 19:54:59 | 000,105,984 | ---- | C | MD5 = 4A0960DB391193A4D89B5685B899C153] ()
 bootkit_remover_debug_log.txt -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\bootkit_remover_debug_log.txt -> [2010.09.16 19:48:35 | 000,035,875 | ---- | C | MD5 = E040B6E69B3FA2B475A6FFC7A861F17D] ()
 bootkit.zip -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootkit.zip -> [2010.09.15 23:49:53 | 000,083,401 | ---- | C | MD5 = D002A113EA94AE1F0BA905B591753F38] ()
 bootkit.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\bootkit.doc -> [2010.09.15 23:46:07 | 000,116,224 | ---- | C | MD5 = 20D8038A448469195ED03E382C7934A9] ()
 bootkit_remover.rar -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\bootkit_remover.rar -> [2010.09.15 23:34:05 | 000,040,422 | ---- | C | MD5 = 85F808F47B9B62957259FEF5B9D3811F] ()
 MBRCheck.exe -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\MBRCheck.exe -> [2010.09.15 22:00:29 | 000,080,384 | ---- | C | MD5 = CB2D120A4B72422A8141192831B1F500] ()
 Results of system analysis.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\Results of system analysis.doc -> [2010.09.12 17:21:38 | 000,572,928 | ---- | C | MD5 = 35669E8EAC1B4D140EDCC31A747D5955] ()
 betti.JPG -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\betti.JPG -> [2010.09.07 21:55:08 | 000,010,071 | ---- | C | MD5 = 312AE49CD3BFAAC048CBB7AF7D941D77] ()
 RKUnhookerLE.EXE -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\RKUnhookerLE.EXE -> [2010.09.05 17:07:27 | 000,133,632 | ---- | C | MD5 = 271EAD1D88F23C65AF7F0D3B0596D46F] ()
 Secunia PSI.lnk -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Startmenü\Programme\Autostart\Secunia PSI.lnk -> [2010.09.04 19:43:23 | 000,000,711 | ---- | C | MD5 = 21B0F425A2D14CEF98E031C58B6D91AA] ()
 cc_20100904_191209.reg -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\cc_20100904_191209.reg -> [2010.09.04 19:12:16 | 000,008,540 | ---- | C | MD5 = CFF1255DE59234E57279C1A3DFBDBB7E] ()
 RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> [2010.09.04 19:02:26 | 000,000,282 | ---- | C | MD5 = 43593C5F784877D5240DA821E1584A71] ()
 RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3851759823-1197635777-2726854231-1008.job -> [2010.09.04 19:02:24 | 000,000,290 | ---- | C | MD5 = 3876281B4AEE43D319A9FCC1BEC7CDED] ()
 Mozilla Thunderbird.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk -> [2010.09.04 18:56:27 | 000,001,643 | ---- | C | MD5 = 393549BF03154295A4A5EB57C7403F4B] ()
 CCleaner.lnk -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\CCleaner.lnk -> [2010.09.04 18:19:50 | 000,000,665 | ---- | C | MD5 = 74DDA3EEE796B907F6080EE33E6C3E44] ()
 ComboFix 10.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\ComboFix 10.doc -> [2010.08.31 23:33:45 | 000,118,784 | ---- | C | MD5 = 3BE12C511DFCFB6189B9F49BEFD2D2EC] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010.08.30 22:59:21 | 000,256,512 | ---- | C | MD5 = F1FBA6185A6A2BC6456970914875078E] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2010.08.30 22:59:21 | 000,098,816 | ---- | C | MD5 = 2B657A67AEBB84AEA5632C53E61E23BF] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2010.08.30 22:59:21 | 000,080,412 | ---- | C | MD5 = 9E05A9C264C8A908A8E79450FCBFF047] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2010.08.30 22:59:21 | 000,077,312 | ---- | C | MD5 = C5EC72A20B4C98DB5314E6C46765B148] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2010.08.30 22:59:21 | 000,068,096 | ---- | C | MD5 = 5E832F4FAF5F481F2EAF3B3A48F603B8] ()
 defogger_reenable -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\defogger_reenable -> [2010.08.30 19:39:16 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 GMER 1.doc -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Eigene Dateien\GMER 1.doc -> [2010.08.28 20:07:43 | 000,028,160 | ---- | C | MD5 = E4F2821BE6A1C57B39F6C7995F346FC8] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009.02.13 19:16:00 | 000,084,480 | ---- | C | MD5 = 63F9DC8DDA58E88968A3E85531AD4E83] ()
 GDIPFONTCACHEV1.DAT -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT -> [2009.02.07 16:16:07 | 000,046,304 | ---- | C | MD5 = 4811D0ECB036B71FCBEE20FFFF42EAE3] ()
 wklnhst.dat -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\wklnhst.dat -> [2009.02.07 16:16:05 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 desktop.ini -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\desktop.ini -> [2009.02.07 15:34:25 | 000,000,062 | -HS- | C | MD5 = 88CF0FF92A4A9FA7BD9B7513B2E9E22B] ()
 fusioncache.dat -> C:\Dokumente und Einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat -> [2009.02.07 15:34:21 | 000,000,160 | ---- | C | MD5 = 7BCE6A2B14316D6BEDB53A854C3A7D4B] ()
 QTSBandwidthCache -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache -> [2007.09.25 18:39:50 | 000,001,763 | ---- | C | MD5 = F4128E52135B8615CAE7363AE6DD64BA] ()
 if40le.ini -> C:\WINDOWS\if40le.ini -> [2006.12.26 13:09:56 | 000,000,613 | ---- | C | MD5 = EF0C8478243F9968DE8C2DA7973ACD70] ()
 SCNDRVU.INI -> C:\WINDOWS\SCNDRVU.INI -> [2006.12.26 13:09:54 | 000,000,114 | ---- | C | MD5 = 7A0BFD238CEF317A73A0D89CCECD32D3] ()
 If42le.ini -> C:\WINDOWS\If42le.ini -> [2006.12.26 13:09:35 | 000,003,049 | ---- | C | MD5 = 982AB916D4E334A34816FA759043A195] ()
 PEXPLORE.INI -> C:\WINDOWS\PEXPLORE.INI -> [2006.12.26 13:09:34 | 000,000,241 | ---- | C | MD5 = 91DCDF54F9DE74E17BB027A222AB74A0] ()
 umxaddin.ini -> C:\WINDOWS\umxaddin.ini -> [2006.12.26 13:09:23 | 000,000,403 | ---- | C | MD5 = FF2FB8216A5CF24FD58515A5FFDCD0E4] ()
 AutoSet.dll -> C:\WINDOWS\AutoSet.dll -> [2006.12.26 13:08:13 | 000,049,152 | R--- | C | MD5 = C9330F5BCAF5F04D0220D6D3C8D3E8B8] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006.05.03 18:02:07 | 000,000,777 | ---- | C | MD5 = B5F0A649297C19F92ED0585D343B47BC] ()
 UMSDIH.DLL -> C:\WINDOWS\UMSDIH.DLL -> [2006.05.02 22:33:16 | 000,032,768 | ---- | C | MD5 = 8441709A3748D31BBFC01991A1E40A71] ()
 addr_file.html -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html -> [2006.05.02 22:20:42 | 000,000,305 | ---- | C | MD5 = 701F9A86DF4EAD62C9D7FE721C9B2788] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2005.12.09 23:03:52 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2005.01.01 21:24:26 | 000,000,061 | ---- | C | MD5 = C0759373CABA4620D082671DC8B0B919] ()
 USBkey.sys -> C:\WINDOWS\System32\drivers\USBkey.sys -> [2005.01.01 21:05:37 | 000,028,848 | ---- | C | MD5 = F2CE99DD9F56BAFC49234A1EFB0AFC8E] ()
 CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2005.01.01 21:02:58 | 000,013,624 | ---- | C | MD5 = 580C903B70A86CF7E626127253D634AB] ()
 hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2005.01.01 21:02:53 | 000,045,056 | ---- | C | MD5 = 05898261D50E965F13D3F86C44C82FF4] ()
 WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2005.01.01 20:56:54 | 000,000,108 | ---- | C | MD5 = 9C09EADC9B8713AAE2D45FA244902A04] ()
 hpzinstall.log -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log -> [2005.01.01 20:43:38 | 000,001,702 | ---- | C | MD5 = 1A98D1E1B23215301B210D98BC458859] ()
 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2005.01.01 20:42:40 | 000,003,776 | ---- | C | MD5 = 221FCC75D1FB9664146B8C682ECF094D] ()
 orun32.ini -> C:\WINDOWS\orun32.ini -> [2005.01.01 20:26:25 | 000,000,849 | ---- | C | MD5 = 325DD251729238D31A0A663FC366BD7B] ()
 pythoncom22.dll -> C:\WINDOWS\System32\pythoncom22.dll -> [2005.01.01 20:23:16 | 000,323,584 | ---- | C | MD5 = 8944B18FE541BA21CFCC93E3D292E78E] ()
 pywintypes22.dll -> C:\WINDOWS\System32\pywintypes22.dll -> [2005.01.01 20:23:16 | 000,094,208 | ---- | C | MD5 = 4977C5A01D47D6248135DEF9997932E8] ()
 bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2005.01.01 20:23:01 | 000,016,896 | ---- | C | MD5 = 920F96B11AB9B7764B0FBAD336E6D016] ()
 desktop.ini -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini -> [2004.11.02 19:56:58 | 000,000,062 | -HS- | C | MD5 = 88CF0FF92A4A9FA7BD9B7513B2E9E22B] ()
 oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2002.09.20 18:19:34 | 000,001,194 | ---- | C | MD5 = 94C1FD56D7FA34F3B9FAE00F84CB7DC9] ()
 HPTCPMON.INI -> C:\WINDOWS\System32\HPTCPMON.INI -> [2001.07.06 23:30:00 | 000,003,254 | ---- | C | MD5 = 7A6147A12AF554BA8D44AF299006B3BB] ()
 MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999.01.22 21:46:58 | 000,065,536 | ---- | C | MD5 = 968A5129FBE4EA13B31BDA7F47392729] ()
 
[File - Lop Check]
 AntiVir PersonalEdition Classic -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic -> [2009.02.05 22:05:37 | 000,000,000 | ---D | M]
 Fighters -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters -> [2010.08.19 15:56:21 | 000,000,000 | ---D | M]
 Prevx -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prevx -> [2007.12.27 13:41:24 | 000,000,000 | ---D | M]
 Prism -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prism -> [2006.05.02 20:39:37 | 000,000,000 | ---D | M]
 SecTaskMan -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan -> [2010.09.14 19:43:54 | 000,000,000 | ---D | M]
 TEMP -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP -> [2008.10.16 13:03:58 | 000,000,000 | ---D | M]
 
[File - Purity Scan]
 
[Custom Scans]
< %SYSTEMDRIVE%\*.exe >
 secutest.exe -> C:\secutest.exe -> [2007.02.22 16:29:38 | 000,444,654 | ---- | M | MD5 = 0BC073D72E5B0067812702836D25BB8E] (Mark Loman)
< %systemroot%\*. /mp /s >
Restore point Set: OTS Restore Point (0)
< %systemroot%\system32\*.dll /lockedfiles >
 8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> 
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
 psi_mf.sys -> C:\WINDOWS\system32\drivers\psi_mf.sys -> [2010.07.07 16:05:32 | 000,014,904 | ---- | M | MD5 = 1DF21F001F3A94EBA4A2950C70CC358F] (Secunia)
< %systemroot%\system32\ws2help.dll /md5 >
 ws2help.dll : MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -> C:\WINDOWS\system32\ws2help.dll -> [2008.04.14 04:22:32 | 000,019,968 | ---- | M | MD5 = C7D8A0517CBF16B84F657DE87EBE9D4B] (Microsoft Corporation)
 8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime -> 2010-09-15 18:55:41 -> 
 
[Alternate Data Streams]
@Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
< End of report >

Swisstreasure · 23.09.2010, 18:37

Bestehen Probleme mit dem CDRom?

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:filefind
*cdrom.sys
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

eselvormberg · 23.09.2010, 19:11

jo das ist richtig CDs werden nicht richtig abgespielt, verzerrter Ton,
ist aber schon 3 Jahre so und hat mich aber nicht weiter gestört, bzw habs halt nicht benutzt.

hier der log:

Code:

ATTFilter

SystemLook 04.09.10 by jpshortstuff
Log created at 20:05 on 23/09/2010 by HP_Besitzer
Administrator - Elevation successful

========== filefind ==========

Searching for "*cdrom.sys"
C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys    -----c- 49536 bytes    [19:00 10/02/2009]    [04:00 04/08/2004] AF9C19B3100FE010496B1A27181FBF72
C:\WINDOWS\ServicePackFiles\i386\cdrom.sys    ------- 62976 bytes    [18:40 13/04/2008]    [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE
C:\WINDOWS\system32\drivers\cdrom.sys    --a---- 62976 bytes    [04:00 04/08/2004]    [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE

-= EOF =-

übrigens waren gestern wieder im xmldm ordner diverse Aktionen,
die ich mit Malwarebytes wieder gelöscht habe.

Swisstreasure · 23.09.2010, 19:37

Ich muss etwas abklären noch, werde mich dann wieder melden. Es wird sicherlich morgen werden.

eselvormberg · 23.09.2010, 21:45

bin erst wieder samstag on.

heute hat war im ordner xmldm nichts los.

Swisstreasure · 24.09.2010, 22:12

Lade Dir den ProcessMonitor runter und verschiebe procmon.exe auf C:\

start --> ausführen (Vista User: suche starten) --> notepad (reinschreiben)
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

@echo off

set vir=c:\windows\system32\xmldm

cd \
if exist "%vir%" (
rd /s /q %vir%
start C:\procmon.exe
)

echo. Warte bis Ordner existiert
echo.
pause
echo. Fenster nicht schliessen !!
:check
if exist "%vir%" (
cls
color fc
echo Bitte Logfile speichern
pause >nul
) else (
goto check
)

Speichere diese unter xmldm.bat auf Deinem Desktop.
Wähle bei Dateityp alle Dateien aus.
Bei Codierung bitte ANSI auswählen.
Doppelklick auf die xmldm.bat
Vista- User: Mit Rechtsklick "als Administrator starten" ausführen

Poste mir bitte den Inhalt

eselvormberg · 25.09.2010, 16:22

so habs genau gemacht wie beschrieben.

es hat sich das Monitor Process geöffnet und ist losgelaufen.

1. Versuch bekam ich nach ca 3mio Datensätzen die Meldung:
"A System or aplication resort limt prevents Process Monnitor from capturing additional events"

danach gings nicht mehr weiter, cmd.exe hat zwar noch weitergearbeitet aber nichts mehr passiert. hab dann abgebrochen

Neustart

2. Versuch
diesmal bis fast 5 Mio gekommen, dann wieder fehlermeldung
irgendwas mit ausgelagerte Datei zu groß
und wieder ging nichts mehr.

Swisstreasure · 26.09.2010, 13:08

Starte den Process Monitor.
Lösche nun den Ordner c:\windows\system32\xmldm
Warte nun bis sich der Ordner wieder erstellt.
Klicke auf File -> Save im Hauptfenster von Process Monitor
Sichere das Log in einem Ordner Deiner Wahl.
Wählen All events und speichere das Log im Native PML Format ab
Bitte kopiere die erstellte Logfile.PML in eine ZIP-Datei und hänge sie hier an.

eselvormberg · 26.09.2010, 17:29

ich hab jetzt mehrere Versuche gemacht, aber die Dateien sind auch als Zip jeweils zu groß 1000 kb und ich hab schnell gemacht.

Swisstreasure · 27.09.2010, 23:28

Kannst Du erkennen was den ordner c:\windows\system32\xmldm herstellt?

eselvormberg · 28.09.2010, 19:34

der ordner xmldm wird ja immer erstellt wenn firefox neu gestartet wird.

jetzt habe ich beim Monitor Process 2 Dateien erstellt die alle das Wort "xmldm" enthält.

1. Datei logfile detail musst du "path contains xmldm include" wegklicken um die beiden Datensätze zu sehen.

2. Datei logfile path musst du " detail contains xmldm include" wegklicken um die 8 Datensätze zu sehen.

vielleicht hilft dir das weiter.

Swisstreasure · 30.09.2010, 18:50

Deinstalliere einmal Firefox ganz nach dieser Anleitung und installiere ihn wieder neu.

Danach mache einen Scan mit Malwarebytes und poste das Log.

23.09.2010, 19:37	#82
Swisstreasure /// Malwareteam	TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Ich muss etwas abklären noch, werde mich dann wieder melden. Es wird sicherlich morgen werden.

27.09.2010, 23:28	#88
Swisstreasure /// Malwareteam	TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Kannst Du erkennen was den ordner c:\windows\system32\xmldm herstellt?

30.09.2010, 18:50	#90
Swisstreasure /// Malwareteam	TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung Deinstalliere einmal Firefox ganz nach dieser Anleitung und installiere ihn wieder neu. Danach mache einen Scan mit Malwarebytes und poste das Log. Geändert von Swisstreasure (30.09.2010 um 19:04 Uhr)

TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung

Plagegeister aller Art und deren Bekämpfung: TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung