
Pests of all kinds and how to fight them: Trojan w32 patchload.a and TR/Kazy.24148

01.09.2011, 21:13   #1
Oemmel
 



Hello everyone!
I've had a big problem since today!
I seem to have caught a trojan. AntiVir raised an alert immediately, but unfortunately it was then shut down on its own... and now the computer no longer boots. Shortly before it reaches the login screen, it restarts!
I have Windows XP on it. Please help!
Thanks in advance!!

01.09.2011, 23:40   #2
Swisstreasure
/// Malwareteam
 





A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • First read the instructions through completely. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to. That makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with a right-click and "Run as administrator".

Step 1

If you don't have a burning program installed, please download ISOBurner.
The program will allow you to burn OTLPE to a CD and make it bootable.
You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe by OldTimer and save it to your desktop.
    Note: The file is about 120 MB in size, and on a slow Internet connection it will take a while until you have downloaded it.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Put an empty CD in your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD.
Note: How do I boot from CD
  • Your system should display the REATOGO-X-PE desktop after a few minutes.
  • Double-click the OTLPE icon.
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.


01.09.2011, 23:52   #3
Oemmel
 



Hello Swiss!
May I download the file OTLPENet.exe on another computer and also burn it from there? At the moment I have cut the Internet connection on the infected PC and taken it off the network. I have found that I can boot it in safe mode without problems, in case that helps.
Regards, Oemmel!

01.09.2011, 23:57   #4
Swisstreasure
/// Malwareteam
 



You have to do it from another PC.

02.09.2011, 00:51   #5
Oemmel
 



Here is the content of Otl.txt:
OTL Logfile:
Code:
OTL logfile created on: 9/2/2011 1:43:39 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,022.00 Mb Total Physical Memory | 758.00 Mb Available Physical Memory | 74.00% Memory free
906.00 Mb Paging File | 812.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 97.65 Gb Total Space | 51.02 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
Drive D: | 291.13 Gb Total Space | 194.96 Gb Free Space | 66.97% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 17.12 Gb Free Space | 35.07% Space Free | Partition Type: NTFS
Drive J: | 19.53 Gb Total Space | 0.49 Gb Free Space | 2.51% Space Free | Partition Type: NTFS
Drive K: | 23.90 Gb Total Space | 0.20 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
Drive L: | 6.95 Gb Total Space | 1.05 Gb Free Space | 15.16% Space Free | Partition Type: FAT32
Drive M: | 1003.47 Mb Total Space | 1003.36 Mb Free Space | 99.99% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (PnkBstrA)
SRV - File not found [Auto] --  -- (MySQL)
SRV - File not found [Auto] --  -- (LightScribeService)
SRV - File not found [Auto] --  -- (JavaQuickStarterService)
SRV - File not found [On_Demand] --  -- (iPod Service)
SRV - File not found [Auto] --  -- (ICQ Service)
SRV - File not found [Auto] --  -- (HauppaugeTVServer)
SRV - File not found [Auto] --  -- (FsUsbExService)
SRV - File not found [Auto] --  -- (DeviceManager)
SRV - File not found [Auto] --  -- (Bonjour Service)
SRV - File not found [Auto] --  -- (Ati HotKey Poller)
SRV - File not found [Auto] --  -- (Apple Mobile Device)
SRV - File not found [Auto] --  -- (AntiVirScheduler)
SRV - [2011/09/01 14:45:59 | 000,153,088 | ---- | M] () [Auto] -- D:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto] -- D:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/07 03:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand] -- D:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/04/19 09:35:19 | 000,069,120 | ---- | M] (Google) [On_Demand] -- D:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto] -- D:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/10/22 05:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (InCDRm)
DRV - File not found [Kernel | System] --  -- (InCDPass)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/09/01 15:23:21 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- D:\WINDOWS\1381543154 -- (f2ac5852)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System] -- D:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System] -- D:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/12 07:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010/03/12 05:47:58 | 000,321,280 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2010/03/12 05:47:57 | 000,012,288 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2010/03/12 05:47:56 | 000,216,576 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\hcw88bda.sys -- (hcw88bda)
DRV - [2010/03/12 05:47:56 | 000,013,440 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | System] -- D:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2009/11/14 12:50:56 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- D:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/11/14 12:50:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/10/22 09:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/09/21 03:33:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- D:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/05/25 06:18:02 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2009/03/20 04:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 04:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 04:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] () [Kernel | System] -- D:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/13 15:24:13 | 002,155,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/02/22 04:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 04:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 04:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 04:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006/07/24 19:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 20:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/29 11:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 17:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/09 08:27:01 | 000,043,008 | ---- | M] () [Kernel | On_Demand] -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Temp\gUSBSTOi.sys -- (gUSBSTOi)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2003/11/05 01:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)
DRV - [2002/04/09 11:00:10 | 000,004,480 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Andere_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\Andere_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\Andere_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\Andere_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
IE - HKU\Andere_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Prev Search Page = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = ICQ.com Suche
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - D:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - D:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
IE - HKU\HP_Administrator_ON_D\..\URLSearchHook: {fb7d98cb-b228-4ecb-acac-e7101156338e} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HP_Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: D:\Programme\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: D:\Programme\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: D:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: D:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/27 21:34:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011/01/06 08:13:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011/01/06 08:13:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2011/09/01 14:55:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/08/20 11:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/06/03 09:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010/11/19 12:14:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011/01/06 08:13:16 | 000,000,000 | ---D | M]
 
[2011/08/22 06:52:58 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2007/04/19 09:43:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- D:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/03 09:51:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- D:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010/07/08 05:56:52 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/14 15:03:00 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/22 06:52:59 | 000,000,000 | ---D | M] (Java Console) -- D:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2007/08/27 14:45:18 | 000,000,000 | ---D | M] (Google Settings) -- D:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2011/08/20 11:05:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- D:\Programme\mozilla firefox\components\browsercomps.dll
[2011/05/03 22:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/20 11:05:20 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/08/20 11:05:20 | 000,002,252 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/08/20 11:05:20 | 000,001,153 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/08/20 11:05:20 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/08/20 11:05:20 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/08/20 11:05:20 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,820 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -  File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - D:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - D:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - D:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - D:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TECHNO4EVER Toolbar) - {fb7d98cb-b228-4ecb-acac-e7101156338e} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - D:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - D:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
O3 - HKLM\..\Toolbar: (TECHNO4EVER Toolbar) - {fb7d98cb-b228-4ecb-acac-e7101156338e} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\ShellBrowser: (TECHNO4EVER Toolbar) - {FB7D98CB-B228-4ECB-ACAC-E7101156338E} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - D:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - D:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
O3 - HKU\HP_Administrator_ON_D\..\Toolbar\WebBrowser: (TECHNO4EVER Toolbar) - {FB7D98CB-B228-4ECB-ACAC-E7101156338E} - D:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] D:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast] D:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPBootOp] D:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] D:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\Administrator_ON_D..\RunOnce: [NeroHomeFirstStart]  File not found
O4 - HKU\Andere_ON_D..\RunOnce: [NeroHomeFirstStart]  File not found
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = D:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = D:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinTV Recording Status..lnk = D:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Andere_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\HP_Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - D:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - D:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - D:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: D:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/12 08:01:16 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - L:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - L:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/01 15:31:05 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Desktop\Neuer Ordner (3)
[2011/09/01 14:55:25 | 000,309,848 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/01 14:55:25 | 000,019,544 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/01 14:55:25 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2011/09/01 14:55:24 | 000,043,608 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/01 14:55:24 | 000,025,432 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/01 14:55:23 | 000,441,176 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/01 14:55:23 | 000,102,616 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/01 14:55:23 | 000,096,344 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/01 14:55:22 | 000,030,808 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/01 14:55:04 | 000,040,112 | ---- | C] (AVAST Software) -- D:\WINDOWS\avastSS.scr
[2011/09/01 14:55:03 | 000,199,304 | ---- | C] (AVAST Software) -- D:\WINDOWS\System32\aswBoot.exe
[2011/09/01 14:54:51 | 000,000,000 | ---D | C] -- D:\Programme\AVAST Software
[2011/09/01 14:54:51 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011/08/27 15:58:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/25 09:38:37 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\RE's Lager-Verwaltung
[2011/08/25 09:38:37 | 000,000,000 | ---D | C] -- D:\Programme\Lagerverwaltung
[2011/08/25 09:24:34 | 000,000,000 | ---D | C] -- D:\Programme\Lagerverwaltung 2
[2011/08/23 14:32:41 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\Warenwirtschaftssystem
[2011/08/23 14:32:39 | 000,000,000 | ---D | C] -- D:\Programme\Common~1
[2011/08/23 14:32:04 | 000,000,000 | ---D | C] -- D:\WINDOWS\System32\T1FONTS
[2011/08/23 14:29:27 | 000,000,000 | ---D | C] -- D:\Baumann
[2011/08/23 13:53:07 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DATA BECKER
[2011/08/23 13:50:12 | 000,131,584 | ---- | C] (DATA BECKER) -- D:\WINDOWS\DBReg.exe
[2011/08/23 13:50:11 | 000,627,200 | ---- | C] (DATA BECKER) -- D:\WINDOWS\DBREG.dll
[2011/08/23 13:50:10 | 000,628,736 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltocx12n.ocx
[2011/08/23 13:50:10 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltkrn12n.dll
[2011/08/23 13:50:10 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltimg12n.dll
[2011/08/23 13:50:10 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltfil12n.DLL
[2011/08/23 13:50:10 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\lttwn12n.dll
[2011/08/23 13:50:09 | 000,328,704 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\LFCMP12n.DLL
[2011/08/23 13:50:09 | 000,290,816 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\Tx4ole.ocx
[2011/08/23 13:50:09 | 000,259,072 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\LTDIS12n.dll
[2011/08/23 13:50:09 | 000,207,872 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\ltefx12n.dll
[2011/08/23 13:50:09 | 000,081,920 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\txtls32.dll
[2011/08/23 13:50:09 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\wndtls32.dll
[2011/08/23 13:50:09 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\lfgif12n.dll
[2011/08/23 13:50:09 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- D:\WINDOWS\System32\lfbmp12n.dll
[2011/08/23 13:50:08 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\txobj32.dll
[2011/08/23 13:50:08 | 000,323,584 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_word.dll
[2011/08/23 13:50:08 | 000,244,416 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSFLXGRD.OCX
[2011/08/23 13:50:08 | 000,135,168 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_htm32.dll
[2011/08/23 13:50:08 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_rtf32.dll
[2011/08/23 13:50:08 | 000,115,920 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSINET.OCX
[2011/08/23 13:50:08 | 000,069,632 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\ic32.dll
[2011/08/23 13:50:08 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_tif32.flt
[2011/08/23 13:50:08 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_wmf32.flt
[2011/08/23 13:50:08 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- D:\WINDOWS\System32\tx_bmp32.flt
[2011/08/23 13:50:07 | 001,050,896 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msjet35.dll
[2011/08/23 13:50:07 | 000,252,176 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSRD2X35.DLL
[2011/08/23 13:50:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\CMDLGDE.DLL
[2011/08/23 13:50:06 | 000,415,504 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\msrepl35.dll
[2011/08/23 13:50:06 | 000,173,304 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\MimeX.dll
[2011/08/23 13:50:06 | 000,158,208 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSCMCDE.DLL
[2011/08/23 13:50:06 | 000,144,640 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\PopX.OCX
[2011/08/23 13:50:06 | 000,132,344 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\PopX.dll
[2011/08/23 13:50:06 | 000,125,712 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\VB6DE.DLL
[2011/08/23 13:50:06 | 000,089,360 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\VB5DB.DLL
[2011/08/23 13:50:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSCC2DE.DLL
[2011/08/23 13:50:06 | 000,024,848 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\MSJTER35.DLL
[2011/08/23 13:50:05 | 000,279,800 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\FtpX.DLL
[2011/08/23 13:50:05 | 000,152,824 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\EncodeX.dll
[2011/08/23 13:50:05 | 000,148,736 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\FtpX.OCX
[2011/08/23 13:50:05 | 000,132,360 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\EncodeX.OCX
[2011/08/23 13:50:05 | 000,099,576 | ---- | C] (Mabry Software, Inc.) -- D:\WINDOWS\System32\MabryObj.dll
[2011/08/23 13:50:03 | 000,000,000 | ---D | C] -- D:\Programme\DATA BECKER
[2011/08/22 10:46:51 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\MySQL
[2011/08/22 10:45:52 | 000,000,000 | ---D | C] -- D:\Programme\MySQL
[2011/08/22 10:45:52 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2011/08/22 09:13:10 | 000,000,000 | ---D | C] -- D:\Programme\CAO-Faktura
[2011/08/22 07:18:45 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Online Shop 6
[2011/08/22 07:14:50 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Online Shop 6
[2011/08/22 07:07:36 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\Winload
[2011/08/22 07:07:35 | 000,000,000 | ---D | C] -- D:\Programme\Winload
[2011/08/22 07:06:49 | 000,000,000 | ---D | C] -- D:\Programme\Mein Gutscheincode Finder
[2011/08/22 06:52:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2011/08/22 06:52:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2011/08/22 06:52:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[2011/08/14 09:17:17 | 000,139,656 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/14 09:03:14 | 000,010,496 | ---- | C] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\ndistapi.sys
[2006/02/19 05:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- D:\WINDOWS\Fonts\RandFont.dll
[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[11 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/01 18:27:39 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/09/01 15:36:03 | 000,088,064 | ---- | M] () -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/01 15:23:21 | 000,000,000 | ---- | M] () -- D:\WINDOWS\1381543154
[2011/09/01 14:58:00 | 000,001,090 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/01 14:55:26 | 000,001,664 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/01 14:55:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Free Antivirus
[2011/09/01 14:55:23 | 000,003,001 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2011/09/01 14:50:45 | 000,000,186 | ---- | M] () -- D:\WINDOWS\System\hpsysdrv.DAT
[2011/09/01 14:49:22 | 000,001,158 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/09/01 14:49:11 | 000,000,860 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2011/09/01 14:49:04 | 000,001,086 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/01 14:26:49 | 000,000,291 | RHS- | M] () -- D:\boot.ini
[2011/09/01 14:23:26 | 004,194,304 | ---- | M] () -- D:\WINDOWS\System32\kncnfspb.dll
[2011/08/30 14:03:15 | 000,002,519 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Excel.lnk
[2011/08/27 15:58:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- D:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/27 12:05:06 | 000,000,276 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/25 09:32:22 | 000,001,275 | ---- | M] () -- D:\WINDOWS\Lager.INI
[2011/08/25 09:24:34 | 000,080,896 | ---- | M] () -- D:\WINDOWS\cadkasdeinst01.exe
[2011/08/25 08:50:05 | 000,235,960 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/23 14:32:46 | 000,000,008 | ---- | M] () -- D:\WINDOWS\System32\PROTOCOL.INI
[2011/08/23 13:53:07 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DATA BECKER
[2011/08/22 06:25:57 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
[2011/08/14 17:05:12 | 000,461,030 | ---- | M] () -- D:\WINDOWS\System32\perfh007.dat
[2011/08/14 17:05:12 | 000,443,024 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/08/14 17:05:12 | 000,085,772 | ---- | M] () -- D:\WINDOWS\System32\perfc007.dat
[2011/08/14 17:05:12 | 000,072,290 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/08/14 17:02:22 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[11 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/09/01 14:55:26 | 000,001,664 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/01 14:23:26 | 004,194,304 | ---- | C] () -- D:\WINDOWS\System32\kncnfspb.dll
[2011/09/01 14:23:26 | 000,000,000 | ---- | C] () -- D:\WINDOWS\1381543154
[2011/08/25 09:32:22 | 000,001,275 | ---- | C] () -- D:\WINDOWS\Lager.INI
[2011/08/25 09:24:34 | 000,080,896 | ---- | C] () -- D:\WINDOWS\cadkasdeinst01.exe
[2011/08/23 14:32:46 | 000,000,008 | ---- | C] () -- D:\WINDOWS\System32\PROTOCOL.INI
[2011/08/23 13:50:13 | 000,016,070 | ---- | C] () -- D:\WINDOWS\German2.ini
[2011/08/23 13:50:08 | 000,446,464 | ---- | C] () -- D:\WINDOWS\System32\Tx32.dll
[2011/08/23 13:50:08 | 000,000,151 | ---- | C] () -- D:\WINDOWS\System32\ic32.ini
[2011/01/05 14:17:49 | 000,034,706 | ---- | C] () -- D:\WINDOWS\Irremote.ini
[2011/01/05 14:17:04 | 000,142,337 | ---- | C] () -- D:\WINDOWS\System32\Wait.exe
[2011/01/05 14:07:51 | 000,002,312 | ---- | C] () -- D:\WINDOWS\HCWPNP.INI
[2011/01/05 14:01:49 | 000,040,960 | R--- | C] () -- D:\WINDOWS\System32\hcwxds.dll
[2010/07/29 13:20:32 | 000,110,592 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/07/29 13:20:32 | 000,036,608 | ---- | C] () -- D:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/07/29 13:20:23 | 000,002,528 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\$_hpcst$.hpc
[2010/01/06 17:32:32 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
[2009/08/21 10:58:40 | 000,122,880 | ---- | C] () -- D:\WINDOWS\System32\AitVirtualComInstall.exe
[2009/07/20 14:10:48 | 000,307,200 | ---- | C] () -- D:\WINDOWS\System32\InstallVCOM.exe
[2009/05/02 17:09:50 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009/01/25 17:10:48 | 000,179,200 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009/01/08 19:01:22 | 000,629,760 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2008/05/04 11:39:34 | 000,002,560 | ---- | C] () -- D:\WINDOWS\System32\ViaClassCoInstaller.dll
[2008/01/16 15:06:42 | 000,000,032 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008/01/14 20:31:00 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx14_ic.ini
[2007/12/12 15:56:55 | 000,000,085 | -HS- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2007/11/15 14:34:05 | 000,022,328 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/15 14:33:35 | 000,022,328 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\PnkBstrK.sys
[2007/11/15 14:32:49 | 000,103,736 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrB.exe
[2007/11/15 14:32:30 | 000,000,311 | ---- | C] () -- D:\WINDOWS\game.ini
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/05 07:45:52 | 000,000,604 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\AutoGK.ini
[2007/10/04 13:16:17 | 000,043,698 | ---- | C] () -- D:\WINDOWS\System32\xvid-uninstall.exe
[2007/07/12 15:52:37 | 000,000,507 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2007/07/02 18:21:53 | 000,520,192 | ---- | C] () -- D:\WINDOWS\System32\ati2sgag.exe
[2007/06/13 14:57:04 | 003,107,788 | ---- | C] () -- D:\WINDOWS\System32\ativvaxx.dat
[2007/06/13 14:57:04 | 003,107,788 | ---- | C] () -- D:\WINDOWS\System32\ativva5x.dat
[2007/06/13 14:57:04 | 000,972,072 | ---- | C] () -- D:\WINDOWS\System32\ativva6x.dat
[2007/06/13 12:26:05 | 000,059,653 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\NMM-MetaData.db
[2007/05/23 12:08:42 | 000,000,146 | ---- | C] () -- D:\Dokumente und Einstellungen\Andere\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/05/23 11:52:34 | 000,000,153 | ---- | C] () -- D:\WINDOWS\imageconvert.ini
[2007/04/29 13:43:04 | 000,149,504 | ---- | C] () -- D:\WINDOWS\System32\UNWISE32.EXE
[2007/04/29 13:04:33 | 000,001,861 | ---- | C] () -- D:\WINDOWS\Transbox.ini
[2007/04/28 12:48:35 | 000,000,075 | ---- | C] () -- D:\WINDOWS\System32\icoappini.ini
[2007/04/22 17:25:56 | 000,005,632 | ---- | C] () -- D:\WINDOWS\System32\CNMVS53.DLL
[2007/04/19 14:36:52 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2007/04/19 09:52:10 | 000,088,064 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 09:43:22 | 000,003,396 | ---- | C] () -- D:\WINDOWS\mozver.dat
[2007/04/06 14:32:47 | 000,000,305 | ---- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007/01/03 15:46:14 | 000,000,149 | ---- | C] () -- D:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\px.ini
[2006/01/02 20:23:22 | 000,000,061 | ---- | C] () -- D:\WINDOWS\smscfg.ini
[2006/01/02 19:58:03 | 000,028,848 | ---- | C] () -- D:\WINDOWS\System32\drivers\USBkey.sys
[2006/01/02 19:50:59 | 000,014,378 | ---- | C] () -- D:\WINDOWS\System32\CHODDI.SYS
[2006/01/02 19:50:50 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\hpreg.dll
[2006/01/02 19:42:37 | 000,000,157 | ---- | C] () -- D:\WINDOWS\WININIT.INI
[2006/01/02 19:37:18 | 000,105,702 | ---- | C] () -- D:\WINDOWS\hpqins69.dat
[2006/01/02 19:36:19 | 000,003,776 | ---- | C] () -- D:\WINDOWS\System32\fxsperf.ini
[2006/01/02 19:31:49 | 000,144,357 | ---- | C] () -- D:\WINDOWS\System32\atiicdxx.dat
[2006/01/02 19:30:36 | 000,000,849 | ---- | C] () -- D:\WINDOWS\orun32.ini
[2006/01/02 19:10:44 | 000,000,146 | ---- | C] () -- D:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/01/02 19:08:34 | 000,016,896 | ---- | C] () -- D:\WINDOWS\System32\bcbmm.dll
[2005/12/07 06:31:00 | 000,202,752 | R--- | C] () -- D:\WINDOWS\System32\CddbCdda.dll
[2005/10/12 08:46:00 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2005/10/12 08:07:40 | 000,461,030 | ---- | C] () -- D:\WINDOWS\System32\perfh007.dat
[2005/10/12 08:07:40 | 000,443,024 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2005/10/12 08:07:40 | 000,085,772 | ---- | C] () -- D:\WINDOWS\System32\perfc007.dat
[2005/10/12 08:07:40 | 000,072,290 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2005/10/12 08:05:28 | 000,235,960 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/12 08:00:50 | 000,004,335 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2005/10/12 07:56:54 | 000,021,740 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2005/09/15 04:03:00 | 000,569,344 | ---- | C] () -- D:\WINDOWS\System32\tx11.dll
[2005/08/05 16:26:04 | 000,235,008 | ---- | C] () -- D:\WINDOWS\System32\PsisDecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- D:\WINDOWS\armcex.dll
[2005/02/05 04:33:06 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\TrcCli5.dll
[2005/02/05 04:33:04 | 000,311,808 | ---- | C] () -- D:\WINDOWS\System32\rfapi5.dll
[2005/02/05 04:33:02 | 000,221,253 | ---- | C] () -- D:\WINDOWS\System32\CfgCapi.dll
[2004/10/22 08:43:16 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx11_ic.ini
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/08/10 00:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/10 00:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/10 00:00:00 | 000,269,480 | ---- | C] () -- D:\WINDOWS\System32\perfi007.dat
[2004/08/10 00:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/10 00:00:00 | 000,062,976 | ---- | C] () -- D:\WINDOWS\System32\drivers\cdrom.sys
[2004/08/10 00:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/10 00:00:00 | 000,034,478 | ---- | C] () -- D:\WINDOWS\System32\perfd007.dat
[2004/08/10 00:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/10 00:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2004/08/10 00:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2004/07/26 16:08:20 | 000,001,194 | ---- | C] () -- D:\WINDOWS\System32\oeminfo.ini
[2003/12/01 04:34:54 | 000,144,384 | ---- | C] () -- D:\WINDOWS\System32\lttls14n.dll
[2003/12/01 04:34:32 | 000,721,408 | ---- | C] () -- D:\WINDOWS\System32\ltcry14n.dll
[2003/04/23 10:00:30 | 000,281,600 | ---- | C] () -- D:\WINDOWS\System32\Talbc.dll
[2003/04/12 13:28:16 | 000,092,160 | ---- | C] () -- D:\WINDOWS\System32\TALRSS14.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2001/08/23 11:12:28 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2001/08/23 11:11:02 | 000,004,490 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2000/06/27 18:00:00 | 000,124,416 | ---- | C] () -- D:\WINDOWS\System32\dXCtrls.dll
[1999/01/22 21:46:56 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\MSRTEDIT.DLL
[1998/06/04 02:34:48 | 000,070,144 | ---- | C] () -- D:\WINDOWS\System32\Talbcdmx.dll
 
========== LOP Check ==========
 
[2011/09/01 14:48:39 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2011/09/01 14:54:51 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2007/06/13 12:18:20 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2007/12/12 15:57:02 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
[2010/01/06 10:05:18 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2007/06/13 12:16:20 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2011/08/22 10:45:52 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2007/06/13 12:23:32 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010/11/11 14:17:08 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 816 bytes -> D:\WINDOWS\1381543154:223586221.exe
@Alternate Data Stream - 48 bytes -> D:\WINDOWS:BC53D08132A418FB
< End of report >
         
--- --- ---


Alt 02.09.2011, 00:55   #6
Oemmel
 

Here is the content of Extras: OTL EXTRAS logfile:
Code:
ATTFilter
OTL Extras logfile created on: 9/2/2011 1:43:39 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,022.00 Mb Total Physical Memory | 758.00 Mb Available Physical Memory | 74.00% Memory free
906.00 Mb Paging File | 812.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 97.65 Gb Total Space | 51.02 Gb Free Space | 52.24% Space Free | Partition Type: NTFS
Drive D: | 291.13 Gb Total Space | 194.96 Gb Free Space | 66.97% Space Free | Partition Type: NTFS
Drive I: | 48.83 Gb Total Space | 17.12 Gb Free Space | 35.07% Space Free | Partition Type: NTFS
Drive J: | 19.53 Gb Total Space | 0.49 Gb Free Space | 2.51% Space Free | Partition Type: NTFS
Drive K: | 23.90 Gb Total Space | 0.20 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
Drive L: | 6.95 Gb Total Space | 1.05 Gb Free Space | 15.16% Space Free | Partition Type: FAT32
Drive M: | 1003.47 Mb Total Space | 1003.36 Mb Free Space | 99.99% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- D:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL Germany
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
"C:\Programme\Xfire\xfire.exe" = C:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\Valve\Steam\steam.exe" = C:\Programme\Valve\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"H:\Valve2\hl.exe" = H:\Valve2\hl.exe:*:Enabled:Half-Life Launcher
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life deathmatch source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life deathmatch source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life 2 deathmatch\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour"
"C:\Programme\WinTV\WinTV7\WinTV7.exe" = C:\Programme\WinTV\WinTV7\WinTV7.exe:*:Enabled:WinTV7 -- (Hauppauge Computer Works, Inc.)
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\counter-strike source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Downloads\stinger10.2.0.267.exe" = C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Downloads\stinger10.2.0.267.exe:*:Enabled:stinger10.2.0.267 -- ()
"C:\Programme\AntiVir PersonalEdition Classic\update.exe" = C:\Programme\AntiVir PersonalEdition Classic\update.exe:*:Enabled:Antivirus Updater -- (Avira GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{02850087-A59F-4782-B8AF-40674752D5F1}" = ATI Catalyst Control Center
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{37DD5BB3-9DB4-4D92-9E50-16F2AD14A317}" = MySQL Server 5.5
"{3B5FEE89-AB5A-4EA9-A3AB-40216ADE225B}" = MovieJack DVD 2
"{41153CDC-08C5-41A3-8FE3-81F7896ED8E1}" = Warenwirtschaftssystem 8.0
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe  1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
"1F811665-E818-4956-9173-35CD47C9DCE0" = Otto
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"7A1E1C4F-CC6F-4BF0-BB81-7CFC3F655564" = GemMaster Mystic
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.55
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"AwayMode160" = Microsoft Away Mode
"BIMPLite" = BIMP Lite 1.62
"CANONBJ_Deinstall_CNMCP53.DLL" = Canon i350
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Counter-Strike Source" = Counter-Strike Source
"DivX Setup.divx.com" = DivX-Setup
"DVD-CLONER VII_is1" = DVD-CLONER V7.00 Build 990
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"HTPE3" = HyperTerminal Private Edition v6.3
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageConverter" = ImageConverter 1.0
"InfraRecorder" = InfraRecorder
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Lagerverwaltung" = RE's Lager-Verwaltung Version 1.3
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShockwaveFlash" = Macromedia Flash Player 8
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Techno4ever Player" = Techno4ever Player
"Techno4ever Toolbar" = Techno4ever Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6
"VobSub" = VobSub v2.23 (Remove Only)
"web2date" = DATA BECKER shop to date 5
"WIC" = Windows Imaging Component
"Windows Lemmings" = Lemmings for Windows 95
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Toolbar" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\HP_Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
< End of report >
         
--- --- ---

02.09.2011, 10:32   #7
Swisstreasure
/// Malwareteam

Step 1

Multiple antivirus programs

Code:
Avast
Avira
         
I noticed that you have more than one antivirus program with a background guard running. That is dangerous, because the programs can get in each other's way, which can actually let viruses onto the computer. Decide on one of them and uninstall the other via Control Panel => Add or Remove Programs.
Report which antivirus program you have chosen, and uninstall the others.

Step 2

Fix with OTLpe
  • Start the unbootable computer again from the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.
  • Copy the following script into the text field below Custom Scans/Fixes:
    Code:
    :OTL
    DRV - [2011/09/01 15:23:21 | 000,000,000 | ---- | M] () [Kernel | On_Demand] -- D:\WINDOWS\1381543154 -- (f2ac5852)
    O32 - AutoRun File - [2005/10/12 08:01:16 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - L:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - L:\Autorun.inf -- [ FAT32 ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    [2011/09/01 15:23:21 | 000,000,000 | ---- | M] () -- D:\WINDOWS\1381543154
    [2011/09/01 14:23:26 | 004,194,304 | ---- | C] () -- D:\WINDOWS\System32\kncnfspb.dll
    @Alternate Data Stream - 816 bytes -> D:\WINDOWS\1381543154:223586221.exe
    @Alternate Data Stream - 48 bytes -> D:\WINDOWS:BC53D08132A418FB
    :Commands
    [purity]
    [emptytemp]
             
  • Should that not be possible for lack of an Internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Connect the USB stick to the computer and open Fix.txt with the Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text field below Custom Scans/Fixes:
  • Close all programs.
  • Click the Fix button.
  • Copy the contents here into your thread, in code tags.
  • Afterwards you can view the log file here => C:\_OTL\MovedFiles\<datum_nummer.log>
  • Test whether you can now boot the computer into normal Windows mode again, and report back.

Step 3

Can you start up again? If so, run a scan with Malwarebytes Anti-Malware.

02.09.2011, 13:43   #8
Oemmel

So, here is the log for now:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f2ac5852 deleted successfully.
D:\WINDOWS\1381543154 moved successfully.
D:\AUTOEXEC.BAT moved successfully.
L:\AUTOEXEC.BAT moved successfully.
L:\Autorun.inf moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File D:\WINDOWS\1381543154 not found.
D:\WINDOWS\system32\kncnfspb.dll moved successfully.
Unable to delete ADS D:\WINDOWS\1381543154:223586221.exe .
ADS D:\WINDOWS:BC53D08132A418FB deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Andere

User: Default User

User: HP_Administrator

User: LocalService

User: NetworkService

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19617 bytes
%systemroot%\System32 .tmp files removed: 5435271 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 137683340 bytes

Total Files Cleaned = 137.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 09022011_143927
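
The fix log above, worked through as an added example that is not part of the original thread: a short Python script that classifies each OTLPE result line and returns only the entries that still need a follow-up check. The helper names `parse_fix_log`, `triage` and `ads_host` are hypothetical, and the patterns assume the result wording seen in this one log.

```python
import re

# Result lines copied from the OTLPE fix log posted above (not constructed).
FIX_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f2ac5852 deleted successfully.
D:\WINDOWS\1381543154 moved successfully.
D:\AUTOEXEC.BAT moved successfully.
L:\AUTOEXEC.BAT moved successfully.
L:\Autorun.inf moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File D:\WINDOWS\1381543154 not found.
D:\WINDOWS\system32\kncnfspb.dll moved successfully.
Unable to delete ADS D:\WINDOWS\1381543154:223586221.exe .
ADS D:\WINDOWS:BC53D08132A418FB deleted successfully.
========== COMMANDS ==========
"""

# (status, pattern) pairs for the wording seen in this log; first match wins.
# Assumption: other OTL versions may word these lines differently.
PATTERNS = [
    ("pending_reboot",
     re.compile(r"^File move failed\. (?P<t>.+) scheduled to be moved on reboot\.$")),
    ("failed", re.compile(r"^Unable to delete (?P<k>ADS) (?P<t>.+?) ?\.$")),
    ("not_found", re.compile(r"^File (?P<t>.+) not found\.$")),
    ("ok", re.compile(r"^(?P<k>Registry key|ADS) (?P<t>.+) deleted successfully\.$")),
    ("ok", re.compile(r"^(?P<t>.+) moved successfully\.$")),
]


def ads_host(path):
    """Return the file or directory that carries an NTFS alternate data stream."""
    drive, rest = path[:2], path[2:]          # keep the drive colon out of the split
    return drive + rest.split(":", 1)[0]


def parse_fix_log(text):
    """Turn result lines into dicts with status, kind and target; skip other lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for status, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                kind = (m.groupdict().get("k") or "file").lower()
                entries.append({"status": status, "kind": kind, "target": m.group("t")})
                break
    return entries


def triage(entries):
    """Return the entries that were not completed in this run."""
    handled = set()      # targets already moved or deleted earlier in the log
    follow_up = []
    for e in entries:
        key = e["target"].lower()
        if e["status"] == "ok":
            handled.add(key)
        elif e["status"] == "not_found" and key in handled:
            continue     # same path listed twice in the fix script, first pass moved it
        else:
            item = dict(e)
            if e["kind"] == "ads":
                # Record whether the stream's host file was moved earlier in the run.
                item["host_already_moved"] = ads_host(e["target"]).lower() in handled
            follow_up.append(item)
    return follow_up


if __name__ == "__main__":
    for item in triage(parse_fix_log(FIX_LOG)):
        print(item)
```

On this log the script returns two entries: the X:\AUTORUN.INF move that was deferred to reboot and the alternate data stream that could not be deleted. The "not found" line is dropped because the same path was already moved earlier in the run.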

02.09.2011, 13:48   #9
Oemmel

Yes, great, that is working again for now. The computer boots up normally so far. Thanks for now!
And I have decided on AntiVir.
Best regards, Oemmel

02.09.2011, 16:16   #10
Swisstreasure
/// Malwareteam

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".

02.09.2011, 17:15   #11
Oemmel

OK, I have run the scan. One file was found. Here is the log:

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7637

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02.09.2011 17:12:42
mbam-log-2011-09-02 (17-12-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 199205
Laufzeit: 7 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.

02.09.2011, 17:28   #12
Swisstreasure
/// Malwareteam

Step 1


ESET Online Scanner

  • Here you will find an illustrated guide to the ESET Online Scanner
  • Download and start the ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Scan for potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 2

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

02.09.2011, 20:19   #13
Oemmel

Here is the log.txt from ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=90c74c424eb4884ca431cd387036b526
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-02 05:34:24
# local_time=2011-09-02 07:34:24 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 743 743 0 0
# scanned=121603
# found=11
# cleaned=0
# scan_time=4465
C:\Programme\AntiVir PersonalEdition Classic\sched.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Bonjour\mDNSResponder.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\DeviceHelper\DeviceManager.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\ICQ6Toolbar\ICQ Service.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Java\jre6\bin\jqs.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\MySQL\MySQL Server 5.5\bin\mysqld.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\WinTV\TVServer\CaptureGenPCI.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Programme\WinTV\TVServer\HauppaugeTVServer.VIR Win32/Patched.HN trojan (unable to clean) 00000000000000000000000000000000 I
C:\RECYCLER\S-1-5-21-1517635286-910970031-1826383466-1007\Dc14.zip Win32/Sirefef.CT trojan (unable to clean) 00000000000000000000000000000000 I

02.09.2011, 20:39   #14
Oemmel

Here is the log from OTL:
OTL Logfile:
Code:
OTL logfile created on: 02.09.2011 20:35:15 - Run 2
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Dokumente und Einstellungen\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,48 Mb Total Physical Memory | 472,76 Mb Available Physical Memory | 46,24% Memory free
2,40 Gb Paging File | 2,03 Gb Available in Paging File | 84,73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 291,13 Gb Total Space | 193,86 Gb Free Space | 66,59% Space Free | Partition Type: NTFS
Drive D: | 6,95 Gb Total Space | 1,05 Gb Free Space | 15,16% Space Free | Partition Type: FAT32
Drive F: | 97,65 Gb Total Space | 51,02 Gb Free Space | 52,24% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 17,12 Gb Free Space | 35,07% Space Free | Partition Type: NTFS
Drive H: | 19,53 Gb Total Space | 0,49 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
Drive M: | 23,90 Gb Total Space | 0,20 Gb Free Space | 0,85% Space Free | Partition Type: NTFS
 
Computer Name: ALEX | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\WINDOWS\1381543154:223586221.exe
PRC - [2011.09.02 20:19:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.04.20 18:57:18 | 000,083,456 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Programme\WinTV\WinTV7\WinTVTray.exe
PRC - [2008.07.25 17:43:43 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.03 01:41:22 | 000,045,056 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.08.03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.16 16:25:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011.08.16 16:25:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011.08.16 16:25:04 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011.08.16 16:22:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011.06.30 03:08:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.02.04 18:48:32 | 000,456,192 | ---- | M] () -- C:\WINDOWS\system32\encdec.dll
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010.11.15 04:01:32 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_655cd81f\mscorlib.dll
MOD - [2010.11.15 04:01:30 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_e2d8eae0\system.drawing.dll
MOD - [2010.11.15 04:01:26 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_ee3624bf\system.xml.dll
MOD - [2010.11.15 04:01:23 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_1551a25b\system.windows.forms.dll
MOD - [2010.11.15 04:01:17 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_86a3e2ba\system.dll
MOD - [2010.11.15 04:01:08 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010.11.15 04:01:08 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010.03.12 11:47:59 | 000,040,960 | R--- | M] () -- C:\WINDOWS\system32\hcwxds.dll
MOD - [2009.02.27 18:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.06.20 18:02:46 | 000,247,296 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.10.09 17:12:30 | 000,224,256 | ---- | M] () -- C:\WINDOWS\system32\PsisRndr.ax
MOD - [2006.10.09 17:12:14 | 000,235,008 | ---- | M] () -- C:\WINDOWS\system32\PsisDecd.dll
MOD - [2006.09.16 23:19:36 | 000,126,976 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.01.03 01:41:22 | 000,045,056 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
MOD - [2006.01.03 01:11:16 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006.01.03 01:11:15 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2006.01.03 01:11:15 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006.01.03 01:11:15 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006.01.03 01:11:15 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006.01.03 01:10:36 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.01.03 01:10:36 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_de_b77a5c561934e089\system.windows.forms.resources.dll
MOD - [2005.08.05 22:26:02 | 000,062,976 | ---- | M] () -- C:\WINDOWS\system32\mpeg2data.ax
MOD - [2005.08.05 21:02:02 | 000,165,376 | ---- | M] () -- C:\WINDOWS\system32\mpg2splt.ax
MOD - [2005.08.05 21:01:14 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\msnp.ax
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (PnkBstrA)
SRV - File not found [Auto | Stopped] --  -- (MySQL)
SRV - File not found [Auto | Stopped] --  -- (LightScribeService)
SRV - File not found [Auto | Stopped] --  -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] --  -- (iPod Service)
SRV - File not found [Auto | Stopped] --  -- (ICQ Service)
SRV - File not found [Auto | Stopped] --  -- (HauppaugeTVServer)
SRV - File not found [Auto | Stopped] --  -- (FsUsbExService)
SRV - File not found [Auto | Stopped] --  -- (DeviceManager)
SRV - File not found [Auto | Stopped] --  -- (Bonjour Service)
SRV - File not found [Auto | Stopped] --  -- (Ati HotKey Poller)
SRV - File not found [Auto | Stopped] --  -- (Apple Mobile Device)
SRV - File not found [Auto | Stopped] --  -- (AntiVirScheduler)
SRV - [2011.09.01 20:45:59 | 000,153,088 | ---- | M] () [Auto | Stopped] -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.04.19 15:35:19 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2005.08.03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004.10.22 11:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.07.12 13:49:18 | 000,060,104 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2010.03.12 11:47:58 | 000,321,280 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88tse.sys -- (HCW88TSE)
DRV - [2010.03.12 11:47:57 | 000,012,288 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2010.03.12 11:47:56 | 000,216,576 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw88bda.sys -- (hcw88bda)
DRV - [2010.03.12 11:47:56 | 000,013,440 | R--- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hcw88aud.sys -- (HCW88AUD)
DRV - [2009.11.14 18:50:56 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.11.14 18:50:34 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009.10.22 15:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009.09.21 09:33:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.05.25 12:18:02 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.06.13 21:24:13 | 002,155,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006.07.25 01:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.03.04 00:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.04 00:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.12.13 02:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005.06.29 17:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005.03.09 23:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.09 14:27:01 | 000,043,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Temp\gUSBSTOi.sys -- (gUSBSTOi)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2003.11.05 07:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2002.04.09 17:00:10 | 000,004,480 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = Yahoo! Suche ? Websuche & Suchmaschine
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.11.28 03:34:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 14:13:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 14:13:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.20 17:05:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.03 15:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.11.19 18:14:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.06 14:13:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.08.22 13:07:37 | 000,000,000 | ---D | M]
 
[2010.11.19 18:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.11.19 18:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.22 13:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions
[2010.11.17 20:20:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.26 17:13:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.08.22 13:09:33 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.08.18 19:40:10 | 000,000,000 | ---D | M] (Softonic Deutsch Community Toolbar) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.05.25 18:04:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.18 19:40:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.06.03 15:51:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\engine@conduit.com
[2011.08.18 19:40:09 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\extensions\piclens@cooliris.com
[2011.09.01 20:11:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-1.xml
[2011.05.10 13:52:54 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-10.xml
[2011.06.03 15:52:50 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-11.xml
[2011.08.20 17:06:31 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-12.xml
[2010.06.30 11:25:54 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-2.xml
[2010.07.27 11:54:55 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-3.xml
[2010.09.20 21:48:16 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-4.xml
[2010.10.18 19:40:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-5.xml
[2010.11.14 17:59:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-6.xml
[2011.01.12 14:21:22 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-7.xml
[2011.03.17 08:51:01 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-8.xml
[2011.04.26 20:44:45 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin-9.xml
[2010.01.13 17:50:15 | 000,000,955 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\b2l3qq4v.default\searchplugins\icqplugin.xml
[2011.08.22 12:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.04.19 15:43:49 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.06.03 15:51:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.08 11:56:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.14 21:03:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.22 12:52:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2007.08.27 20:45:18 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programme\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HP_ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\B2L3QQ4V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2010.07.08 11:56:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.08.22 13:07:37 | 000,000,000 | ---D | M] (preisspion.de) -- C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX
[2011.08.20 17:05:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.08.20 17:05:20 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.20 17:05:20 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.08.20 17:05:20 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.20 17:05:20 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.20 17:05:20 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.20 17:05:20 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -  File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (TECHNO4EVER Toolbar) - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  File not found
O3 - HKLM\..\Toolbar: (TECHNO4EVER Toolbar) - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (TECHNO4EVER Toolbar) - {FB7D98CB-B228-4ECB-ACAC-E7101156338E} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\prxtbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (TECHNO4EVER Toolbar) - {FB7D98CB-B228-4ECB-ACAC-E7101156338E} - C:\Programme\Techno4ever\tbTec1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPBootOp] C:\Programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WinTV Recording Status..lnk = C:\Programme\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra Button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5961CD2C-4AB6-4277-B4E2-D29FD7907C01}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9288660B-B03C-4B26-B229-673CD0823ED7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{44d488c2-d13a-11de-a827-0018f3adb81e}\Shell - "" = AutoRun
O33 - MountPoints2\{44d488c2-d13a-11de-a827-0018f3adb81e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44d488c2-d13a-11de-a827-0018f3adb81e}\Shell\AutoRun\command - "" = N:\autorun.exe
O33 - MountPoints2\{560acacc-efab-11de-a82d-0018f3adb81e}\Shell\AutoRun\command - "" = N:\Get_Started_for_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: Nla - C:\WINDOWS\system32\mswsock.dll ()
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk - C:\Programme\Google\Google Updater\GoogleUpdater.exe - (Google)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^HP_Administrator^Startmenü^Programme^Autostart^Xfire.lnk - C:\Programme\Xfire\xfire.exe - (Xfire Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: AlwaysReady Power Message APP - hkey= - key= - C:\WINDOWS\arpwrmsg.exe (Microsoft)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= -  File not found
MsConfig - StartUpReg: CloneCDElbyCDFL - hkey= - key= - C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe (Elaborate Bytes)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Programme\Elaborate Bytes\CloneCD\CloneCDTray.exe (Elaborate Bytes)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Programme\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: DMAScheduler - hkey= - key= - c:\Programme\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
MsConfig - StartUpReg: ehTray - hkey= - key= - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: ftutil2 - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: ICQ Lite - hkey= - key= -  File not found
MsConfig - StartUpReg: MediaGet2 - hkey= - key= -  File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NPSStartup - hkey= - key= -  File not found
MsConfig - StartUpReg: PCDrProfiler - hkey= - key= -  File not found
MsConfig - StartUpReg: PCSuiteTrayApplication - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Recguard - hkey= - key= - C:\WINDOWS\SMINST\Recguard.exe ()
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: Steam - hkey= - key= - c:\programme\valve\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.02 20:39:28 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.09.02 20:39:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.02 20:19:44 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe
[2011.09.02 18:07:36 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.09.02 18:05:55 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.09.02 18:02:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Malwarebytes
[2011.09.02 18:01:17 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.09.02 18:01:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.09.02 18:01:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.09.02 18:01:13 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.09.02 18:01:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.09.02 18:00:57 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\mbam-setup-1.51.1.1800.exe
[2011.09.01 21:31:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\Neuer Ordner (3)
[2011.09.01 20:54:51 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.09.01 20:54:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.08.25 15:38:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\RE's Lager-Verwaltung
[2011.08.25 15:38:37 | 000,000,000 | ---D | C] -- C:\Programme\Lagerverwaltung
[2011.08.25 15:24:34 | 000,000,000 | ---D | C] -- C:\Programme\Lagerverwaltung 2
[2011.08.23 20:32:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\Warenwirtschaftssystem
[2011.08.23 20:32:39 | 000,000,000 | ---D | C] -- C:\Programme\Common~1
[2011.08.23 20:32:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\T1FONTS
[2011.08.23 20:29:27 | 000,000,000 | ---D | C] -- C:\Baumann
[2011.08.23 19:53:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DATA BECKER
[2011.08.23 19:50:12 | 000,131,584 | ---- | C] (DATA BECKER) -- C:\WINDOWS\DBReg.exe
[2011.08.23 19:50:11 | 000,627,200 | ---- | C] (DATA BECKER) -- C:\WINDOWS\DBREG.dll
[2011.08.23 19:50:09 | 000,290,816 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\Tx4ole.ocx
[2011.08.23 19:50:09 | 000,081,920 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\txtls32.dll
[2011.08.23 19:50:09 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wndtls32.dll
[2011.08.23 19:50:08 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\txobj32.dll
[2011.08.23 19:50:08 | 000,323,584 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_word.dll
[2011.08.23 19:50:08 | 000,135,168 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_htm32.dll
[2011.08.23 19:50:08 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_rtf32.dll
[2011.08.23 19:50:08 | 000,069,632 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\ic32.dll
[2011.08.23 19:50:08 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_tif32.flt
[2011.08.23 19:50:08 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_wmf32.flt
[2011.08.23 19:50:08 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_bmp32.flt
[2011.08.23 19:50:06 | 000,173,304 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MimeX.dll
[2011.08.23 19:50:06 | 000,144,640 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\PopX.OCX
[2011.08.23 19:50:06 | 000,132,344 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\PopX.dll
[2011.08.23 19:50:05 | 000,279,800 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\FtpX.DLL
[2011.08.23 19:50:05 | 000,152,824 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\EncodeX.dll
[2011.08.23 19:50:05 | 000,148,736 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\FtpX.OCX
[2011.08.23 19:50:05 | 000,132,360 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\EncodeX.OCX
[2011.08.23 19:50:05 | 000,099,576 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MabryObj.dll
[2011.08.23 19:50:03 | 000,000,000 | ---D | C] -- C:\Programme\DATA BECKER
[2011.08.22 16:46:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Startmenü\Programme\MySQL
[2011.08.22 16:45:52 | 000,000,000 | ---D | C] -- C:\Programme\MySQL
[2011.08.22 16:45:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2011.08.22 15:13:10 | 000,000,000 | ---D | C] -- C:\Programme\CAO-Faktura
[2011.08.22 13:18:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\Online Shop 6
[2011.08.22 13:14:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Online Shop 6
[2011.08.22 13:07:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\Winload
[2011.08.22 13:07:35 | 000,000,000 | ---D | C] -- C:\Programme\Winload
[2011.08.22 13:06:49 | 000,000,000 | ---D | C] -- C:\Programme\Mein Gutscheincode Finder
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.02 20:19:48 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\OTL.exe
[2011.09.02 19:58:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.02 18:06:29 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\esetsmartinstaller_enu.exe
[2011.09.02 18:01:17 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 17:17:11 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011.09.02 17:16:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.09.02 17:16:05 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.02 17:16:04 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.09.02 17:15:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1381543154
[2011.09.02 17:15:57 | 000,043,408 | -HS- | M] () -- C:\WINDOWS\System32\c_62913.nl_
[2011.09.02 17:15:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.02 17:15:35 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.02 16:59:48 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\HP_Administrator\Desktop\mbam-setup-1.51.1.1800.exe
[2011.09.02 14:48:39 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.09.02 14:43:47 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\kncnfspb.dll
[2011.09.01 21:36:03 | 000,088,064 | ---- | M] () -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.01 20:26:49 | 000,000,291 | RHS- | M] () -- C:\boot.ini
[2011.08.27 18:05:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.08.25 15:32:22 | 000,001,275 | ---- | M] () -- C:\WINDOWS\Lager.INI
[2011.08.25 15:24:34 | 000,080,896 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01.exe
[2011.08.25 14:50:05 | 000,235,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.08.23 20:32:46 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2011.08.14 23:05:12 | 000,461,030 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.08.14 23:05:12 | 000,443,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.14 23:05:12 | 000,085,772 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.08.14 23:05:12 | 000,072,290 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.14 23:02:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 
========== Files Created - No Company Name ==========
 
[2011.09.02 18:01:17 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.02 17:15:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1381543154
[2011.09.02 17:15:57 | 000,043,408 | -HS- | C] () -- C:\WINDOWS\System32\c_62913.nl_
[2011.09.02 14:44:13 | 1072,222,208 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.02 14:43:47 | 004,194,304 | ---- | C] () -- C:\WINDOWS\System32\kncnfspb.dll
[2011.08.25 15:32:22 | 000,001,275 | ---- | C] () -- C:\WINDOWS\Lager.INI
[2011.08.25 15:24:34 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2011.08.23 20:32:46 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2011.08.23 19:50:13 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini
[2011.08.23 19:50:08 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2011.08.23 19:50:08 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2011.01.05 20:17:49 | 000,034,706 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2011.01.05 20:17:04 | 000,142,337 | ---- | C] () -- C:\WINDOWS\System32\Wait.exe
[2011.01.05 20:07:51 | 000,002,312 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2011.01.05 20:01:49 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2010.07.29 19:20:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.07.29 19:20:32 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.07.29 19:20:23 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\$_hpcst$.hpc
[2010.01.06 23:32:32 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.08.21 16:58:40 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\AitVirtualComInstall.exe
[2009.07.20 20:10:48 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\InstallVCOM.exe
[2009.05.02 23:09:50 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.05.04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
[2008.01.16 21:06:42 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.01.15 02:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2007.12.12 21:56:55 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2007.11.15 20:34:05 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.11.15 20:33:35 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\PnkBstrK.sys
[2007.11.15 20:32:49 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007.11.15 20:32:30 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.10.05 13:45:52 | 000,000,604 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\AutoGK.ini
[2007.10.04 19:16:17 | 000,043,698 | ---- | C] () -- C:\WINDOWS\System32\xvid-uninstall.exe
[2007.07.12 21:52:37 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.07.03 00:21:53 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007.06.13 20:57:04 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007.06.13 20:57:04 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2007.06.13 20:57:04 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.06.13 18:26:05 | 000,059,653 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Anwendungsdaten\NMM-MetaData.db
[2007.05.23 17:52:34 | 000,000,153 | ---- | C] () -- C:\WINDOWS\imageconvert.ini
[2007.04.29 19:43:04 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE32.EXE
[2007.04.29 19:04:33 | 000,001,861 | ---- | C] () -- C:\WINDOWS\Transbox.ini
[2007.04.28 18:48:35 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\icoappini.ini
[2007.04.22 23:25:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS53.DLL
[2007.04.19 20:36:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.04.19 15:52:10 | 000,088,064 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.19 15:43:22 | 000,003,396 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.04.06 20:32:47 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.01.03 21:46:14 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\HP_Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.06.16 20:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.01.03 02:23:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.01.03 01:58:03 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006.01.03 01:50:59 | 000,014,378 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006.01.03 01:50:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006.01.03 01:42:37 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006.01.03 01:37:18 | 000,105,702 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006.01.03 01:36:19 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.01.03 01:31:49 | 000,144,357 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.01.03 01:30:36 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.03 01:08:34 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005.10.12 14:46:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.10.12 14:07:40 | 000,461,030 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.10.12 14:07:40 | 000,443,024 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.10.12 14:07:40 | 000,085,772 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.10.12 14:07:40 | 000,072,290 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.10.12 14:05:28 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.10.12 14:00:50 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.10.12 13:56:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.09.15 10:03:00 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\tx11.dll
[2005.08.05 22:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005.08.03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005.02.05 10:33:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\TrcCli5.dll
[2005.02.05 10:33:04 | 000,311,808 | ---- | C] () -- C:\WINDOWS\System32\rfapi5.dll
[2005.02.05 10:33:02 | 000,221,253 | ---- | C] () -- C:\WINDOWS\System32\CfgCapi.dll
[2004.10.22 14:43:16 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx11_ic.ini
[2004.08.10 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.10 06:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.10 06:00:00 | 000,247,296 | ---- | C] () -- C:\WINDOWS\System32\mswsock.dll
[2004.08.10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.10 06:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.07.26 22:08:20 | 000,001,194 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.12.01 10:34:54 | 000,144,384 | ---- | C] () -- C:\WINDOWS\System32\lttls14n.dll
[2003.12.01 10:34:32 | 000,721,408 | ---- | C] () -- C:\WINDOWS\System32\ltcry14n.dll
[2003.04.23 16:00:30 | 000,281,600 | ---- | C] () -- C:\WINDOWS\System32\Talbc.dll
[2003.04.12 19:28:16 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\TALRSS14.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.08.23 17:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 17:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2000.06.28 00:00:00 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\dXCtrls.dll
[1999.01.23 03:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998.06.04 08:34:48 | 000,070,144 | ---- | C] () -- C:\WINDOWS\System32\Talbcdmx.dll
 
========== LOP Check ==========
 
[2011.09.01 20:48:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2011.09.02 14:48:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2007.06.13 18:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2007.12.12 21:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes
[2010.01.06 16:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2007.06.13 18:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2011.08.22 16:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2007.06.13 18:23:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.11.11 20:17:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.11.12 17:31:56 | 000,000,000 | ---D | M] -- C:\a8cbb3f8ba7c142f80
[2007.07.03 00:21:13 | 000,000,000 | ---D | M] -- C:\ATI
[2011.08.23 20:29:27 | 000,000,000 | ---D | M] -- C:\Baumann
[2007.04.22 23:25:38 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2007.12.12 21:58:26 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2007.01.03 21:50:54 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2005.11.15 06:13:14 | 000,000,000 | ---D | M] -- C:\CMPNENTS
[2011.09.01 20:55:19 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2007.05.23 18:08:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2007.01.03 22:04:26 | 000,000,000 | -H-D | M] -- C:\hp
[2007.07.06 22:22:16 | 000,000,000 | ---D | M] -- C:\Netgear
[2007.05.23 17:37:47 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.09.02 18:07:36 | 000,000,000 | R--D | M] -- C:\Programme
[2007.01.03 21:59:03 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2007.01.03 21:42:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2006.01.03 01:08:34 | 000,000,000 | -H-D | M] -- C:\system.sav
[2008.12.03 21:30:07 | 000,000,000 | ---D | M] -- C:\temp
[2011.09.02 17:16:07 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2011.09.02 20:39:27 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2004.08.10 06:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2004.08.10 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2004.08.09 23:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 06:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.10 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-25 12:59:42
 
<           >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB21761$] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\1381543154:223586221.exe

< End of report >
         
--- --- ---

Alt 02.09.2011, 20:42   #15
Oemmel
 



Here is the other one: OTL EXTRAS logfile:
Code:
OTL Extras logfile created on: 02.09.2011 20:21:19 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Dokumente und Einstellungen\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,48 Mb Total Physical Memory | 535,75 Mb Available Physical Memory | 52,40% Memory free
2,40 Gb Paging File | 2,06 Gb Available in Paging File | 85,97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 291,13 Gb Total Space | 193,89 Gb Free Space | 66,60% Space Free | Partition Type: NTFS
Drive D: | 6,95 Gb Total Space | 1,05 Gb Free Space | 15,16% Space Free | Partition Type: FAT32
Drive F: | 97,65 Gb Total Space | 51,02 Gb Free Space | 52,24% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 17,12 Gb Free Space | 35,07% Space Free | Partition Type: NTFS
Drive H: | 19,53 Gb Total Space | 0,49 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
Drive M: | 23,90 Gb Total Space | 0,20 Gb Free Space | 0,85% Space Free | Partition Type: NTFS
Drive N: | 465,64 Gb Total Space | 67,37 Gb Free Space | 14,47% Space Free | Partition Type: FAT32
 
Computer Name: ALEX | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL Germany
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
"C:\Programme\Xfire\xfire.exe" = C:\Programme\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\Valve\Steam\steam.exe" = C:\Programme\Valve\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
"C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"H:\Valve2\hl.exe" = H:\Valve2\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life deathmatch source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life deathmatch source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life 2 deathmatch\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour"
"C:\Programme\WinTV\WinTV7\WinTV7.exe" = C:\Programme\WinTV\WinTV7\WinTV7.exe:*:Enabled:WinTV7 -- (Hauppauge Computer Works, Inc.)
"C:\Programme\Valve\Steam\SteamApps\the_oemmel\counter-strike source\hl2.exe" = C:\Programme\Valve\Steam\SteamApps\the_oemmel\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld
"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server
"C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Downloads\stinger10.2.0.267.exe" = C:\Dokumente und Einstellungen\HP_Administrator\Eigene Dateien\Downloads\stinger10.2.0.267.exe:*:Enabled:stinger10.2.0.267 -- ()
"C:\Programme\AntiVir PersonalEdition Classic\update.exe" = C:\Programme\AntiVir PersonalEdition Classic\update.exe:*:Enabled:Antivirus Updater -- (Avira GmbH)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{02850087-A59F-4782-B8AF-40674752D5F1}" = ATI Catalyst Control Center
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{37DD5BB3-9DB4-4D92-9E50-16F2AD14A317}" = MySQL Server 5.5
"{3B5FEE89-AB5A-4EA9-A3AB-40216ADE225B}" = MovieJack DVD 2
"{41153CDC-08C5-41A3-8FE3-81F7896ED8E1}" = Warenwirtschaftssystem 8.0
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe  1.4.105.1
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
"1F811665-E818-4956-9173-35CD47C9DCE0" = Otto
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"7A1E1C4F-CC6F-4BF0-BB81-7CFC3F655564" = GemMaster Mystic
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"AwayMode160" = Microsoft Away Mode
"BIMPLite" = BIMP Lite 1.62
"CANONBJ_Deinstall_CNMCP53.DLL" = Canon i350
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Counter-Strike Source" = Counter-Strike Source
"DivX Setup.divx.com" = DivX-Setup
"DVD-CLONER VII_is1" = DVD-CLONER V7.00 Build 990
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HSPA USB MODEM ALCATEL_is1" = HSPA USB MODEM
"HTPE3" = HyperTerminal Private Edition v6.3
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageConverter" = ImageConverter 1.0
"InfraRecorder" = InfraRecorder
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Optimierung aufgrund von Kundenerfahrungen
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internetdienste
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Lagerverwaltung" = RE's Lager-Verwaltung Version 1.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"ratDVD" = ratDVD 0.78.1444
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"ShockwaveFlash" = Macromedia Flash Player 8
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 360" = Half-Life Deathmatch: Source
"Techno4ever Player" = Techno4ever Player
"Techno4ever Toolbar" = Techno4ever Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6
"VobSub" = VobSub v2.23 (Remove Only)
"web2date" = DATA BECKER shop to date 5
"WIC" = Windows Imaging Component
"Windows Lemmings" = Lemmings for Windows 95
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yahoo! Toolbar" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.11.2010 08:14:25 | Computer Name = ALEX | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\DOKUME~1\HP_ADM~1\LOKALE~1\Temp\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log
 enthalten.
 
Error - 13.11.2010 08:14:27 | Computer Name = ALEX | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 05.01.2011 14:09:22 | Computer Name = ALEX | Source = MsiInstaller | ID = 1013
Description = Produkt: Microsoft .NET Framework 2.0 -- Setup cannot continue because
 this version of the .NET Framework is incompatible with a previously installed 
one.  For more information, see Error message when you try to install the.NET Framework 2.0 on a computer that has the.NET Framework 2.0 Service Pack 1 installed: "Setup cannot continue because this version of the.NET Framework is incompatible with a previously installed one"
 
Error - 22.08.2011 07:06:54 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung freeware-online-shop-setup.exe, Version 
0.0.0.0, fehlgeschlagenes Modul freeware-online-shop-setup.exe, Version 0.0.0.0,
 Fehleradresse 0x000f85d5.
 
Error - 22.08.2011 07:07:37 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung freeware-online-shop-setup.exe, Version 
0.0.0.0, fehlgeschlagenes Modul freeware-online-shop-setup.exe, Version 0.0.0.0,
 Fehleradresse 0x000f85d5.
 
Error - 25.08.2011 12:13:32 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WinTV7.exe, Version 1.0.28110.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 29.08.2011 14:11:12 | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung web2date.exe, Version 5.0.0.1572, fehlgeschlagenes
 Modul web2date.exe, Version 5.0.0.1572, Fehleradresse 0x005e273b.
 
Error - 01.09.2011 14:09:00 | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung WinTV7.exe, Version 1.0.28110.0, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 01.09.2011 14:42:20 | Computer Name = ALEX | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 01.09.2011 14:42:20 | Computer Name = ALEX | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
[ System Events ]
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Dienst "Bonjour"" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DeviceManager" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "FsUsbExService" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HauppaugeTVServer" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Java Quick Starter" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySQL" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 02.09.2011 11:15:57 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 02.09.2011 11:15:59 | Computer Name = ALEX | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Cdrom  Imapi  IntelIde  ViaIde
 
Error - 02.09.2011 11:17:29 | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%2" aufgetreten, als der Dienst "iPod Service"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error - 02.09.2011 11:17:30 | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---
