Trojaner-Board - Windows update nicht erreichbar und google leitet auf falsche seiten weiter

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Windows update nicht erreichbar und google leitet auf falsche seiten weiter (https://www.trojaner-board.de/87579-windows-update-erreichbar-google-leitet-falsche-seiten.html)

Windows update nicht erreichbar und google leitet auf falsche seiten weiter

Hallo an alle,

das Windows Update ist nun schon seit einiger Zeit nicht mehr erreichbar. Bis vor ein paar Tagen ist mir das gar nicht aufgefallen, da die wichtigen Windows Updates ja eigentlich automatoisch gemacht werden.

Vor 2 oder 3 Tagen fing Google dann an mich auf "falsche Seiten" weiterzuleiten. Es sind keine Pornoseite o. ä., es ist meist nur Werbung und manchmal springt mein Avast an und meldet irgendeinen Trojaner. Ich habe den Avast laufen lassen, da ich einen "Plagegeist" vermutete, es wurde aber nichts gefunden. Danach wollte ich mein System mal auf den neuesten Stand bringen und habe festgestellt, dass die Windows Update Seite nicht erreichbar ist.

Darauf hin habe ich mal im Internet nach ähnlichen Problemen geschaut, habe aber nichts gefunden was das Problem bei mir beheben würde. Nachdem ich nun Malwarebytes auch im Abgesicherten Modus laufen lassen habe und auch da kein Trojaner, Virus oder ähnliches gefunden wurde, wende ich mich an euch.

Vielen lieben Dank fürs drüberschauen und eventl. auch helfen ^^

Code:

Logfile of HijackThis v1.99.1

Scan saved at 10:07:12, on 26.06.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Alwil Software\Avast4\aswUpdSv.exe

C:\Programme\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\arservice.exe

C:\Programme\avmwlanstick\WlanNetService.exe

C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\ezNTSvc.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\Programme\Google\Update\GoogleUpdate.exe

C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

C:\Programme\Alwil Software\Avast4\ashMaiSv.exe

C:\Programme\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Programme\HP DigitalMedia Archive\DMAScheduler.exe

C:\Programme\avmwlanstick\wlangui.exe

C:\Programme\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Programme\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\dllhost.exe

C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe

C:\HP\KBD\KBD.EXE

C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Programme\Avant Browser\avant.exe

C:\Dokumente und Einstellungen\HP_Administrator\Desktop\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=64&bd=PAVILION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de&amp;source=iglk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=64&bd=PAVILION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll

O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)

O2 - BHO: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [DMAScheduler] "c:\Programme\HP DigitalMedia Archive\DMAScheduler.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274545646618

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\WINDOWS\system32\ezNTSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Programme\Google\Update\GoogleUpdate.exe" /svc (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4225

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

26.06.2010 09:51:28
mbam-log-2010-06-26 (09-51-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 243214
Laufzeit: 32 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Zitat:

mein Avast an und meldet irgendeinen Trojaner.

Der meldet nicht irgendeinen Trojaner! Poste bitte die Meldung wortgenau!

Die Meldungen der letzten Tage waren diese:

24.06.2010 19:11:55 SYSTEM 1580 Sign of "JS:Prontexi-BW [Trj]" has been found in "hxxp://glansemania.com/nte/rfx.asp" file.
24.06.2010 19:16:25 SYSTEM 1580 Sign of "JS:Pdfka-gen [Expl]" has been found in "hxxp://www.safe-monitoring-2.in/sx1/fonts.php?fh=\{gzip}" file.
26.06.2010 09:05:25 SYSTEM 1648 Sign of "JS:Prontexi-BW [Trj]" has been found in "hxxp://gamstergert.com/nte/RFX.html" file.

Das war jedesmal als Google mich "falsch" weitergeleitet hat. Diese Meldungen kommen nicht immer, meist ist es eine Seite mit Werbung o. ä.

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Hi, der GMER stürzt immer wieder ab, wie du schon sagtest. Und wenn ich auf den Link für OSAM klicke erscheint folgendes:

http://i165.photobucket.com/albums/u...83/Bild1-1.jpg

Super...Dankeschön :-)

hier die Datei

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 22:53:36 on 30.06.2010
 

OS: Windows XP Professional Service Pack 3 (Build 2600)

Default Browser: Avant Force Avant Browser 11.7.0.46
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "COMODO" - C:\WINDOWS\system32\guard32.dll
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"RealUpgradeLogonTaskS-1-5-21-3234704117-2214152862-3734889239-1007.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

"RealUpgradeScheduledTaskS-1-5-21-3234704117-2214152862-3734889239-1007.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime Alternative\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"aflciaoc" (aflciaoc) - ? - C:\DOKUME~1\HP_ADM~1\LOKALE~1\Temp\aflciaoc.sys  (Hidden registry entry, rootkit activity | File not found)

"aflciaow" (aflciaow) - ? - C:\DOKUME~1\HP_ADM~1\LOKALE~1\Temp\aflciaow.sys  (Hidden registry entry, rootkit activity | File not found)

"aswFsBlk" (aswFsBlk) - "ALWIL Software" - C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys

"aswRdr" (aswRdr) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswRdr.sys

"avast! Asynchronous Virus Monitor" (Aavmker4) - "ALWIL Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys

"avast! Network Shield Support" (aswTdi) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswTdi.sys

"avast! Self Protection" (aswSP) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswSP.sys

"avast! Standard Shield Support" (aswMon2) - "ALWIL Software" - C:\WINDOWS\system32\drivers\aswMon2.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"COMODO Internet Security Firewall Driver" (Inspect) - "COMODO" - C:\WINDOWS\System32\DRIVERS\inspect.sys

"COMODO Internet Security Helper Driver" (cmdHlp) - "COMODO" - C:\WINDOWS\System32\DRIVERS\cmdhlp.sys

"COMODO Internet Security Sandbox Driver" (cmdGuard) - "COMODO" - C:\WINDOWS\System32\DRIVERS\cmdguard.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MHN-Treiber" (MHNDRV) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\mhndrv.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"symlcbrd" (symlcbrd) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\symlcbrd.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} "Microsoft Windows Media Player" - "Microsoft Corporation" - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\WINDOWS\system32\EZUPBH~1.DLL

UPB:{AEB6717E-7E19-11d0-97EE-00C04FD91972} "UPB:{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashShell.dll

{4255A182-CAD9-4214-A19B-7BA7FB633BBD} "Comodo AntiVirus" - "COMODO" - C:\Programme\COMODO\COMODO Internet Security\cavshell.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\programme\real\realplayer\rpshell.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll

{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\USIShex.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} "WMP Add To Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

{8DD448E6-C188-4aed-AF92-44956194EB1F} "WMP Burn Audio CD Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll

{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} "WMP Play As Playlist Launcher" - "Microsoft Corporation" - C:\WINDOWS\system32\wmpshell.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "&Google" - "Google Inc." - c:\programme\google\googletoolbar1.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? -   (File not found | COM-object registry key not found) / file:///C:/WINDOWS/Java/classes/xmldso.cab

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\WINDOWS\system32\muweb.dll / hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274545646618

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{77BF5300-1474-4EC7-9980-D32B190E9B07} "ClsidExtension" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

"Hilfe zu Verbindungen" - ? - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "&Google" - "Google Inc." - c:\programme\google\googletoolbar1.dll

Locked "Locked" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} "1&&1 Internet AG Browser Configuration by mquadr.at" - "mquadr.at software engineering und consulting GmbH" - C:\WINDOWS\system32\ieconfig_1und1.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - c:\programme\google\googletoolbar1.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

{B922D405-6D13-4A2B-AE89-08A030DA4402} "{B922D405-6D13-4A2B-AE89-08A030DA4402}" - ? -   (File not found | COM-object registry key not found)

{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avast!" - "ALWIL Software" - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

"AVMWlanClient" - "AVM Berlin" - C:\Programme\avmwlanstick\wlangui.exe

"COMODO Internet Security" - "COMODO" - "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h

"DMAScheduler" - "Sonic Solutions" - "c:\Programme\HP DigitalMedia Archive\DMAScheduler.exe"

"HP Software Update" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe

"HPBootOp" - "Hewlett-Packard Company" - "C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

"Recguard" - ? - C:\WINDOWS\SMINST\RECGUARD.EXE

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"avast! Antivirus" (avast! Antivirus) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashServ.exe

"avast! iAVS4 Control Service" (aswUpdSv) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe

"avast! Mail Scanner" (avast! Mail Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe

"avast! Web Scanner" (avast! Web Scanner) - "ALWIL Software" - C:\Programme\Alwil Software\Avast4\ashWebSv.exe

"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Programme\avmwlanstick\WlanNetService.exe

"Capture Device Service" (Capture Device Service) - "InterVideo Inc." - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe

"COMODO Internet Security Helper Service" (cmdAgent) - "COMODO" - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe

"EasyBits Magic Desktop Services for Windows NT" (ezntsvc) - "EasyBits Software Corp." - C:\WINDOWS\system32\ezNTSvc.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

"MHN" (MHN) - "Microsoft Corporation" - C:\WINDOWS\System32\mhn.dll

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe

"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)

"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit Online Solutions :: Index

1.) Bitte das sinnfreie Comodo deinstallieren, SecuritySuites sind Systembremsen und verbessern nicht unbedingt die Systemsicherheit. Außerdem hast Du schon Avast drauf, das verträgt sich nicht zusammen mit Comodo (eine Ausnahme stellt Malwarebytes dar)

2.) Wenn Comodo deinstalliert ist bitte CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

So nun möchte ich mich erstmal recht herzlich für deine Hilfe bedanken.

Comodo habe ich deinstalliert.
Beim Start von CF war ich etwas irritiert. Das sagte mir das Norton 360 aktiv sei, aber den Norton habe ich schon seit längerem deinstalliert. Wie kann das sein?

Hier das Log von CF:

Combofix Logfile:

Code:

ComboFix 10-06-30.03 - HP_Administrator 01.07.2010  21:10:10.1.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.959.512 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\HP_Administrator\Desktop\cofi.exe

AV: avast! antivirus 4.8.1368 [VPS 100701-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton 360 Online *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton 360 Online *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\dokumente und einstellungen\All Users\Anwendungsdaten\hpe123.dll

c:\windows\system32\srcr.dat
 

Infizierte Kopie von c:\windows\system32\drivers\viaide.sys wurde gefunden und desinfiziert 

Kopie von - Kitty had a snack :p wurde wiederhergestellt 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_SSHNAS
 
 

(((((((((((((((((((((((   Dateien erstellt von 2010-06-01 bis 2010-07-01  ))))))))))))))))))))))))))))))

.
 

2010-06-26 16:06 . 2010-06-26 16:06        --------        d-----r-        c:\dokumente und einstellungen\NetworkService\Favoriten

2010-06-22 20:10 . 2010-06-22 20:10        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Avant Profiles

2010-06-22 19:55 . 2010-06-22 19:55        --------        d-----w-        c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes

2010-06-19 08:00 . 2010-06-19 08:00        --------        d-----w-        C:\VritualRoot

2010-06-19 07:37 . 2010-06-19 07:46        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Comodo Downloader

2010-06-13 22:04 . 2010-06-13 22:04        --------        d-----w-        c:\programme\Gemeinsame Dateien\Wise Installation Wizard
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-01 18:49 . 2010-01-05 17:23        --------        d-----w-        c:\programme\CCleaner

2010-06-30 20:30 . 2006-01-03 00:54        --------        d-----w-        c:\programme\Microsoft Works

2010-06-28 14:11 . 2009-09-21 19:57        --------        d-----w-        c:\programme\EasyBits For Kids

2010-06-27 06:40 . 2010-01-02 00:55        664        ----a-w-        c:\windows\system32\d3d9caps.dat

2010-06-24 19:31 . 2009-12-01 21:46        1        ----a-w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-17 23:11 . 2010-05-05 16:51        --------        d-----w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Ebynd

2010-06-15 17:34 . 2010-03-13 14:14        --------        d-----w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Byva

2010-06-13 16:30 . 2009-09-22 12:53        106872        ----a-w-        c:\dokumente und einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2010-05-23 18:14 . 2010-05-23 18:14        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters

2010-05-23 17:59 . 2010-05-23 17:59        --------        d-----w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Uniblue

2010-05-23 06:30 . 2010-05-17 16:13        --------        d-----w-        c:\programme\Spyware Doctor

2010-05-22 16:27 . 2006-01-03 00:26        --------        d-----w-        c:\programme\Gemeinsame Dateien\Java

2010-05-22 16:27 . 2010-05-22 16:27        503808        ----a-w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-386245d1-n\msvcp71.dll

2010-05-22 16:27 . 2010-05-22 16:27        499712        ----a-w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-386245d1-n\jmc.dll

2010-05-22 16:27 . 2010-05-22 16:27        348160        ----a-w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-386245d1-n\msvcr71.dll

2010-05-22 16:26 . 2010-05-22 16:26        61440        ----a-w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e4d1457-n\decora-sse.dll

2010-05-22 16:26 . 2010-05-22 16:26        12800        ----a-w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4e4d1457-n\decora-d3d.dll

2010-05-22 16:26 . 2010-05-22 16:26        411368        ----a-w-        c:\windows\system32\deployJava1.dll

2010-05-22 16:26 . 2006-01-03 00:26        --------        d-----w-        c:\programme\Java

2010-05-22 16:23 . 2010-05-17 16:12        --------        d---a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP

2010-05-18 19:28 . 2010-05-18 19:24        --------        d-----w-        c:\programme\Avant Browser

2010-05-18 19:25 . 2010-05-18 19:25        --------        d-----w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Avant Profiles

2010-05-17 19:46 . 2010-02-21 15:02        --------        d-----w-        c:\programme\DivX

2010-05-17 19:45 . 2010-03-09 12:39        --------        d-----w-        c:\programme\Alawar

2010-05-17 19:45 . 2010-02-21 15:02        --------        d-----w-        c:\programme\Gemeinsame Dateien\DivX Shared

2010-05-17 19:41 . 2010-05-17 19:41        --------        d-----w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Media Player Classic

2010-05-17 19:27 . 2010-01-30 21:11        --------        d-----w-        c:\programme\Zylom Games

2010-05-16 20:29 . 2010-05-16 20:29        --------        d-----w-        c:\programme\Test

2010-05-16 20:19 . 2010-05-16 20:19        0        ----a-w-        c:\windows\nsreg.dat

2010-05-16 19:52 . 2010-01-05 17:31        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2010-05-11 06:24 . 2009-09-22 12:45        --------        d-----w-        c:\programme\Gemeinsame Dateien\Adobe

2010-05-09 01:14 . 2006-01-03 01:10        --------        d-----w-        c:\programme\Google

2010-05-08 13:05 . 2010-01-30 21:17        --------        d-----w-        c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Zylom

2010-04-29 10:19 . 2010-01-05 17:31        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 10:19 . 2010-01-05 17:31        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-04-22 04:51 . 2005-10-12 12:07        85350        ----a-w-        c:\windows\system32\perfc007.dat

2010-04-22 04:51 . 2005-10-12 12:07        460608        ----a-w-        c:\windows\system32\perfh007.dat

2010-04-18 20:17 . 2010-04-18 20:17        45056        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-04-18 20:17 . 2010-04-18 20:17        45056        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-04-18 20:17 . 2010-04-18 20:17        45056        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-04-18 20:17 . 2010-04-18 20:17        49152        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-04-18 20:17 . 2010-04-18 20:17        45056        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-04-18 20:17 . 2010-04-18 20:17        40960        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-04-18 20:17 . 2010-04-18 20:17        308808        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-04-18 20:17 . 2010-04-18 20:17        14848        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-04-18 20:17 . 2010-03-15 07:28        341600        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2009-09-22 06:01 . 2009-09-22 05:51        75656608        ----a-w-        c:\programme\N360v3DE.exe

2007-03-01 15:55 . 2009-09-22 03:41        22        --sha-w-        c:\windows\SMINST\HPCD.SYS

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"DMAScheduler"="c:\programme\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]

"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2006-04-06 1503232]

"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2010-04-18 202256]

"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2009-09-24 12:41        434176        ----a-w-        c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\EA Games\\Command and Conquer Generals\\game.dat"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Westwood\\SUN\\Game.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Programme\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=

"c:\\Programme\\Messenger\\msmsgs.exe"=
 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [18.05.2010 21:14 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.05.2010 21:14 20560]

R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezntsvc.exe [21.09.2009 21:58 33792]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [18.04.2010 09:29 90112]

R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [21.09.2009 22:07 264704]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [18.04.2010 09:30 27632]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [06.10.2009 23:27 133104]

.

Inhalt des "geplante Tasks" Ordners
 

2010-06-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]
 

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-06 21:27]
 

2010-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-10-06 21:27]
 

2010-07-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3234704117-2214152862-3734889239-1007.job

- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
 

2010-07-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3234704117-2214152862-3734889239-1007.job

- c:\programme\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/ig?hl=de&amp;source=iglk

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

FF - ProfilePath - c:\dokumente und einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yovflroc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - component: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\programme\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)

Toolbar-Locked - (no file)

Toolbar-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)

HKLM-Run-PCDrProfiler - (no file)
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-01 21:20

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"
 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(780)

c:\windows\system32\Ati2evxx.dll
 

- - - - - - - > 'explorer.exe'(1948)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\programme\Alwil Software\Avast4\aswUpdSv.exe

c:\programme\Alwil Software\Avast4\ashServ.exe

c:\windows\arservice.exe

c:\programme\avmwlanstick\WlanNetService.exe

c:\programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\Ati2evxx.exe

c:\programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\ehome\mcrdsvc.exe

c:\programme\Alwil Software\Avast4\ashMaiSv.exe

c:\programme\Alwil Software\Avast4\ashWebSv.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\ARPWRMSG.EXE

c:\windows\eHome\ehmsas.exe

c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2010-07-01  21:25:59 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2010-07-01 19:25
 

Vor Suchlauf: 12 Verzeichnis(se), 201.056.522.240 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 200.999.542.784 Bytes frei
 

- - End Of File - - 006CEA4239A6BB8F892DDC80F85BA4CB

--- --- ---

Warum steht der Avast da obenmit drin? Habe ich ihn nicht richtig deaktiviert?

Gut. CF hat da einiges weggeräumt. Poste bitte zur besseren Übersicht OTL-Logs:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Super ich kann die Windows updates wieder machen und google hat bisher auch nicht "falsch" weitergeleitet. Vielen Vielen Dank ^^

Hier noch OTL logs

OTL Logfile:

Code:

OTL Extras logfile created on: 02.07.2010 15:25:17 - Run 3

OTL by OldTimer - Version 3.2.7.0     Folder = C:\Dokumente und Einstellungen\HP_Administrator\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

959,00 Mb Total Physical Memory | 411,00 Mb Available Physical Memory | 43,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 226,29 Gb Total Space | 187,04 Gb Free Space | 82,66% Space Free | Partition Type: NTFS

Drive D: | 6,58 Gb Total Space | 0,80 Gb Free Space | 12,17% Space Free | Partition Type: FAT32

Drive E: | 675,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: DANNYDANAKLAUS

Current User Name: HP_Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Programme\Avant Browser\avant.exe (Avant Force)

.url [@ = InternetShortcut] -- C:\Programme\Avant Browser\avant.exe (Avant Force)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Programme\Avant Browser\avant.exe" %1 (Avant Force)

htmlfile [opennew] -- "C:\Programme\Avant Browser\avant.exe" %1 (Avant Force)

http [open] -- "C:\Programme\Avant Browser\avant.exe" %1 (Avant Force)

InternetShortcut [open] -- "C:\Programme\Avant Browser\avant.exe" %1 (Avant Force)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\EA Games\Command and Conquer Generals\game.dat" = C:\Programme\EA Games\Command and Conquer Generals\game.dat:*:Disabled:game -- ()

"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)

"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )

"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- (Hewlett-Packard)

"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Westwood\SUN\Game.exe" = C:\Westwood\SUN\Game.exe:*:Disabled:Main executable for Tiberian Sun -- (Westwood Studios)

"C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Disabled:Sony Ericsson Media Manager 1.0 -- (Sony Creative Software Inc.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300

"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung

"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer

"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig

"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20

"{2EF095CE-24AF-4AAA-BB82-85F988EC51C0}" = 1und1 Internet Explorer Add-On

"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{30F7A307-E595-40F6-8842-B36C7747E978}" = Die Gilde 2 Venedig

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder

"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe

"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1

"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService

"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0

"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung

"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig

"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3

"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{83622A51-877C-4FB8-92BB-2572B3B4F4B8}" = OOBE06_Exp2

"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1

"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe  1.4.105.1

"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig

"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works

"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour

"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery

"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition

"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive

"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio

"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"1&1 EasyLogin" = 1&1 EasyLogin

"1F811665-E818-4956-9173-35CD47C9DCE0" = Otto

"1und1 Internet Explorer Add-On" = 1und1 Internet Explorer Add-On

"7A1E1C4F-CC6F-4BF0-BB81-7CFC3F655564" = GemMaster Mystic

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2

"ATI Display Driver" = ATI Display Driver

"AvantBrowser" = Avant Browser (remove only)

"avast!" = avast! Antivirus

"AVMWLANCLI" = AVM FRITZ!WLAN

"AwayMode160" = Microsoft Away Mode

"BSC SFBT MML Mod" = BSC SFBT MML Mod 1.0

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP

"Columbus Tree Mod" = Columbus Tree Mod 1.0 deutsch

"Combat Cars" = Combat Cars

"Die Gilde" = Die Gilde

"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition

"Die Gilde Update 1.05 Beta 2" = Die Gilde Update 1.05 Beta 2

"Die Gilde Update v1.04a" = Die Gilde Update v1.04a

"EasyBits Magic Desktop" = EasyBits Magic Desktop

"Eisenbahn-Skins" = Eisenbahn-Skins 1.0

"GAMEFORGE Nostale(DE)_is1" = Nostale Online DE (Remove)

"GPL Ghostscript 8.70" = GPL Ghostscript 8.70

"High Speed Rail Project" = High Speed Rail Project Beta v1

"HijackThis" = HijackThis 1.99.1

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Photo & Imaging" = HP Photosmart Premier Software 6.5

"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals

"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen

"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste

"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung

"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 

"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)

"MUDRacer" = MUDRacer

"Network Addon Mod" = Network Addon Mod Version Juli 2009 Update

"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows

"Python 2.2.3" = Python 2.2.3

"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)

"QuicktimeAlt_is1" = QuickTime Alternative 1.81

"RealPlayer 12.0" = RealPlayer

"SFBT Straßenbaum-Mod" = SFBT Straßenbaum-Mod 1.0

"SimCity 3000" = SimCity 3000

"Tiberian Sun" = Command & Conquer Teil 3: Operation Tiberian Sun

"TRL2" = TRL2

"TRNY2" = TRNY2

"VDK GLR Tram Mod" = VDK GLR Tram Mod Vol. 2

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 
 ========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 04.01.2010 14:12:57 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = aswChestInterface - Program error description: CChestListView::OnCreate()

 !m_strErrorWnd.IsEmpty().  

 

Error - 04.01.2010 15:45:47 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = Error in aswChestC: chestAddFile Error 1753.  

 

Error - 11.03.2010 12:08:24 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = Error in aswChestC: chestOpenList Error 1753.  

 

Error - 11.03.2010 12:08:24 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = aswChestInterface - Program error description: CChestListView::LoadFiles()

 chestOpenList() failed: 2147422219.  

 

Error - 11.03.2010 12:08:27 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = aswChestInterface - Program error description: CChestListView::OnCreate()

 !m_strErrorWnd.IsEmpty().  

 

Error - 17.05.2010 13:40:15 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = Error in aswChestC: chestAddFile Error 1753.  

 

Error - 18.05.2010 14:28:16 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = Error in aswChestC: chestOpenList Error 1753.  

 

Error - 18.05.2010 14:28:16 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = aswChestInterface - Program error description: CChestListView::LoadFiles()

 chestOpenList() failed: 2147422219.  

 

Error - 18.05.2010 14:28:31 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = aswChestInterface - Program error description: CChestListView::OnCreate()

 !m_strErrorWnd.IsEmpty().  

 

Error - 18.05.2010 14:34:21 | Computer Name = DANNYDANAKLAUS | Source = avast! | ID = 33554522

Description = Error in aswChestC: chestAddFile Error 1753.  

 

[ Application Events ]

Error - 22.05.2010 05:04:27 | Computer Name = DANNYDANAKLAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung jaucheck.exe, Version 2.0.1.2, fehlgeschlagenes

 Modul jaucheck.exe, Version 2.0.1.2, Fehleradresse 0x0000c8d0.

 

Error - 22.05.2010 12:04:05 | Computer Name = DANNYDANAKLAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung jaucheck.exe, Version 2.0.1.2, fehlgeschlagenes

 Modul jaucheck.exe, Version 2.0.1.2, Fehleradresse 0x0000c8d0.

 

Error - 22.05.2010 12:18:42 | Computer Name = DANNYDANAKLAUS | Source = Application Error | ID = 1001

Description = Fehlerhafter Speicherbereich 1659175811.

 

Error - 22.05.2010 12:22:49 | Computer Name = DANNYDANAKLAUS | Source = pctsSvc.exe | ID = 0

Description = 

 

Error - 26.06.2010 04:59:13 | Computer Name = DANNYDANAKLAUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated

 abnormally  .

 

Error - 26.06.2010 04:59:13 | Computer Name = DANNYDANAKLAUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.

.

 

Error - 26.06.2010 07:01:41 | Computer Name = DANNYDANAKLAUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated

 abnormally  .

 

Error - 26.06.2010 08:22:32 | Computer Name = DANNYDANAKLAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung avant.exe, Version 11.7.0.46, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 26.06.2010 11:02:23 | Computer Name = DANNYDANAKLAUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: The connection with the server was terminated

 abnormally  .

 

Error - 26.06.2010 11:02:23 | Computer Name = DANNYDANAKLAUS | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Diese Netzwerkverbindung ist nicht vorhanden.

.

 

[ System Events ]

Error - 20.05.2010 08:47:27 | Computer Name = DANNYDANAKLAUS | Source = Ftdisk | ID = 262189

Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

 

Error - 20.05.2010 08:47:27 | Computer Name = DANNYDANAKLAUS | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 20.05.2010 14:10:14 | Computer Name = DANNYDANAKLAUS | Source = Ftdisk | ID = 262189

Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

 

Error - 20.05.2010 14:10:14 | Computer Name = DANNYDANAKLAUS | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 22.05.2010 03:22:17 | Computer Name = DANNYDANAKLAUS | Source = Ftdisk | ID = 262189

Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

 

Error - 22.05.2010 03:22:17 | Computer Name = DANNYDANAKLAUS | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 26.06.2010 04:24:17 | Computer Name = DANNYDANAKLAUS | Source = Ftdisk | ID = 262189

Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

 

Error - 26.06.2010 04:24:17 | Computer Name = DANNYDANAKLAUS | Source = Ftdisk | ID = 262193

Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist

 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition

 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher

 abbilden zu können.

 

Error - 26.06.2010 05:08:54 | Computer Name = DANNYDANAKLAUS | Source = SRService | ID = 104

Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

 

Error - 26.06.2010 05:08:54 | Computer Name = DANNYDANAKLAUS | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler

 beendet:   %%2

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 02.07.2010 15:25:17 - Run 3

OTL by OldTimer - Version 3.2.7.0     Folder = C:\Dokumente und Einstellungen\HP_Administrator\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

959,00 Mb Total Physical Memory | 411,00 Mb Available Physical Memory | 43,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 226,29 Gb Total Space | 187,04 Gb Free Space | 82,66% Space Free | Partition Type: NTFS

Drive D: | 6,58 Gb Total Space | 0,80 Gb Free Space | 12,17% Space Free | Partition Type: FAT32

Drive E: | 675,27 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: DANNYDANAKLAUS

Current User Name: HP_Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB979909-x86.exe (Microsoft Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - c:\9235b3a3bfe2789e7455c9\HotFixInstaller.exe (Microsoft Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\WINDOWS\system32\ezntsvc.exe (EasyBits Software Corp.)

PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\Programme\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)

PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

PRC - C:\WINDOWS\arpwrmsg.exe (Microsoft)

PRC - C:\WINDOWS\arservice.exe (Microsoft)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (ezntsvc) -- C:\WINDOWS\system32\ezntsvc.exe (EasyBits Software Corp.)

SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (Capture Device Service) -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)

SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)

DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)

DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)

DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s217mgmt.sys (MCCI Corporation)

DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation)

DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation)

DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation)

DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )

DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)

DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)

DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)

DRV - (winachsx) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)

DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)

DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..keyword.URL: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.18 22:17:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.16 22:18:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.30 22:29:27 | 000,000,000 | ---D | M]

 

[2010.02.21 22:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Extensions

[2010.05.18 20:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yovflroc.default\extensions

[2010.05.18 20:54:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yovflroc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.03.18 19:31:34 | 000,000,266 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yovflroc.default\searchplugins\Search.xml

[2010.05.22 18:26:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.05.22 18:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.05.22 18:26:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2009.10.26 16:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.07.01 21:20:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (1&&1 Internet AG Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)

O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)

O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)

O4 - HKLM..\Run: [DMAScheduler] c:\Programme\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)

O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)

O4 - HKLM..\Run: [HPBootOp] C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274545646618 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\WINDOWS\system32\ezUPBHook.dll (EasyBits Software Corp.)

O28 - HKLM ShellExecuteHooks: UPB:{AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.10.12 14:01:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001.07.27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [1999.01.19 13:37:14 | 002,119,160 | R--- | M] () - E:\AUTOPLAY.WAV -- [ CDFS ]

O32 - AutoRun File - [1999.07.16 17:57:18 | 000,512,000 | R--- | M] () - E:\AUTORUN.EXE -- [ CDFS ]

O32 - AutoRun File - [1999.06.29 17:46:02 | 000,000,135 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.07.02 15:24:21 | 000,000,000 | ---D | C] -- C:\9235b3a3bfe2789e7455c9

[2010.07.02 00:12:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.07.01 21:02:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.07.01 21:02:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.07.01 21:02:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.07.01 21:02:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.07.01 21:02:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.07.01 20:52:14 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Recent

[2010.07.01 20:43:44 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.06.30 22:48:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OSAM

[2010.06.26 10:14:22 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe

[2010.06.22 21:33:43 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\HijackThis.exe

[2010.06.20 16:06:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\Bilder

[2010.06.19 10:00:46 | 000,000,000 | ---D | C] -- C:\VritualRoot

[2010.06.19 09:37:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Comodo Downloader

[2010.06.14 00:04:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.07.02 15:34:33 | 001,029,592 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.07.02 15:34:33 | 000,460,608 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.07.02 15:34:33 | 000,442,602 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.07.02 15:34:33 | 000,085,350 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.07.02 15:34:33 | 000,071,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.07.02 15:10:00 | 000,001,108 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.07.02 12:40:48 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2010.07.02 12:39:47 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.07.02 12:39:44 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3234704117-2214152862-3734889239-1007.job

[2010.07.02 12:35:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.07.02 12:35:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.07.02 02:10:44 | 006,029,312 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\ntuser.dat

[2010.07.02 02:10:44 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\ntuser.ini

[2010.07.02 02:10:36 | 001,582,486 | -H-- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.07.01 21:21:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.07.01 21:20:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.07.01 21:20:21 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3234704117-2214152862-3734889239-1007.job

[2010.07.01 20:49:52 | 000,000,665 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\CCleaner.lnk

[2010.07.01 20:43:17 | 003,725,156 | R--- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\cofi.exe

[2010.07.01 10:34:45 | 000,347,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.06.30 22:29:24 | 000,000,496 | ---- | M] () -- C:\WINDOWS\win.ini

[2010.06.30 22:23:27 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Paint Shop Pro 7.lnk

[2010.06.30 12:10:57 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010.06.27 22:14:05 | 000,019,968 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Abschiedsgedicht für Gabi.doc

[2010.06.27 08:40:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.06.26 16:29:21 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010.06.26 13:05:43 | 000,574,464 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\Das Haushaltsbuch.xls

[2010.06.26 10:12:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe

[2010.06.13 18:30:33 | 000,106,872 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

[2010.06.10 17:29:14 | 000,266,514 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\h + b.psp

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.07.01 21:02:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.07.01 21:02:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.07.01 21:02:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.07.01 21:02:45 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.07.01 21:02:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.07.01 20:43:17 | 003,725,156 | R--- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\cofi.exe

[2010.06.27 22:14:04 | 000,019,968 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Abschiedsgedicht für Gabi.doc

[2010.06.26 12:42:14 | 000,574,464 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\Das Haushaltsbuch.xls

[2010.06.10 17:29:14 | 000,266,514 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\h + b.psp

[2010.04.22 15:48:02 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2010.04.22 15:48:02 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2010.04.22 15:48:02 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2010.04.22 15:48:02 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2010.04.22 15:48:02 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2010.04.22 15:48:02 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2010.03.13 14:28:30 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009.12.01 22:58:31 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini

[2009.09.22 15:14:19 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2009.09.22 13:43:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2006.06.16 20:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006.01.03 03:31:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006.01.03 03:05:07 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys

[2006.01.03 02:58:53 | 000,014,378 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2006.01.03 02:58:48 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2006.01.03 02:51:12 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2006.01.03 02:45:14 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2006.01.03 02:40:22 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006.01.03 02:17:51 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll

[2006.01.03 02:17:51 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll

[2006.01.03 02:17:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2005.08.05 22:26:04 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005.08.03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll

[2004.07.26 22:08:20 | 000,001,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL

[2001.07.13 08:04:00 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI

[2001.07.07 03:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >

--- --- ---

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="

FF - prefs.js..keyword.URL: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="

O32 - AutoRun File - [2005.10.12 14:01:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001.07.27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [1999.01.19 13:37:14 | 002,119,160 | R--- | M] () - E:\AUTOPLAY.WAV -- [ CDFS ]

O32 - AutoRun File - [1999.07.16 17:57:18 | 000,512,000 | R--- | M] () - E:\AUTORUN.EXE -- [ CDFS ]

O32 - AutoRun File - [1999.06.29 17:46:02 | 000,000,135 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Hier das Logfile

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=" removed from browser.search.defaulturl
Prefs.js: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=" removed from keyword.URL
C:\AUTOEXEC.BAT moved successfully.
D:\AUTOEXEC.BAT moved successfully.
File move failed. E:\AUTOPLAY.WAV scheduled to be moved on reboot.
File move failed. E:\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3131 bytes
->FireFox cache emptied: 3415637 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Gast
->Temp folder emptied: 1424367 bytes
->Temporary Internet Files folder emptied: 821690 bytes
->Flash cache emptied: 434 bytes

User: HP_Administrator
->Temp folder emptied: 43785463 bytes
->Temporary Internet Files folder emptied: 47462389 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37820876 bytes
->Flash cache emptied: 7294 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 16786 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 7066 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29911 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 129,00 mb

OTL by OldTimer - Version 3.2.7.0 log created on 07022010_173329

Files\Folders moved on Reboot...
File move failed. E:\AUTOPLAY.WAV scheduled to be moved on reboot.
File move failed. E:\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. E:\AUTORUN.INF scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_568.dat not found!

Registry entries deleted on Reboot...