Internet Explorer öffnet sich im Hintergrund
Hi,
wie andere auch habe ich das Problem, dass seit gestern iexplorer.exe im Taskmanager mehrmals erscheint und Werbung auftaucht, obwohl ich den Internet Explorer nicht nutze.
Ich habe Antivir und Anti-Malware laufen lassen, ohne Erfolg. Panda Anti-Rootkit hat er erst gestartet, aber dann ohne Vorwarnung einfach geschlossen.:aufsmaul:
Hier meine Logs: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:32:50, on 21.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programme\Synaptics\SynTP\Toshiba.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\Programme\DAEMON Tools Pro\DTProAgent.exe
C:\Programme\Rainlendar2\Rainlendar2.exe
C:\Programme\RMClock\RMClock.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Launchy\Launchy.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Programme\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [RMClock] C:\Programme\RMClock\RMClockLauncher.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Remote Control Editor] "C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Miranda IM.lnk = C:\Programme\Miranda IM\miranda32.exe
O4 - Startup: Thunderbird.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Launchy.lnk = C:\Programme\Launchy\Launchy.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
--
End of file - 8383 bytes
Code:
OTL logfile created on: 21.07.2010 01:51:42 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 35,05 Gb Free Space | 23,52% Space Free | Partition Type: NTFS
Drive D: | 68,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KBOOK
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Launchy\Launchy.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\RMClock\RMClock.exe (NGO Science Center "RightMark")
PRC - C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Programme\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Programme\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Programme\Logitech\Video\LogiTray.exe (Labtec Inc.)
PRC - C:\Programme\Logitech\Video\FxSvr2.exe (Labtec Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Labtec Inc.)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Programme\RocketDock\RocketDock.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (FileZilla Server) -- C:\Programme\FileZilla Server\FileZilla Server.exe (FileZilla Project)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (TabletServicePen) -- C:\WINDOWS\system32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
========== Driver Services (SafeList) ==========
DRV - (vnet) -- C:\WINDOWS\System32\DRIVERS\virtualnet.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (pflt) -- C:\WINDOWS\system32\drivers\vfilter.sys (Shrew Soft Inc)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (PDIHWCTL) -- C:\WINDOWS\system32\drivers\pdihwctl.sys (Portrait Displays, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (RTCore32) -- C:\Programme\RMClock\RTCore32.sys ()
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Labtec Inc.)
DRV - (PID_08A0) Labtec WebCam(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Labtec Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (eyeonedp) -- C:\WINDOWS\system32\drivers\EyeOneDp.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}:0.9.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.10 01:41:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.16 09:47:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.07.06 21:42:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.07.06 21:42:45 | 000,000,000 | ---D | M]
[2010.01.22 21:55:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.01.22 21:55:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.20 16:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\sdxhrlol.default\extensions
[2010.05.03 22:46:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\sdxhrlol.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.13 13:29:50 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\sdxhrlol.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.11 10:14:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\sdxhrlol.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.09 19:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\sdxhrlol.default\extensions\{d832c3e4-1a62-48ea-9a1f-5091a1ec3bc5}
[2010.05.30 14:33:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\sdxhrlol.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.06.26 11:11:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\sdxhrlol.default\extensions\firebug@software.joehewitt.com
[2010.07.20 10:39:44 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\sdxhrlol.default\searchplugins\icqplugin.xml
[2010.07.20 16:53:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.07.10 23:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006.07.31 17:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.01.22 19:22:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.22 19:22:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.22 19:22:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.22 19:22:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.22 19:22:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.07.20 21:17:30 | 000,412,178 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14242 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Labtec Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Labtec Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [XboxStat] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Programme\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [Remote Control Editor] C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe File not found
O4 - HKCU..\Run: [RMClock] C:\Programme\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark")
O4 - HKCU..\Run: [RocketDock] C:\Programme\RocketDock\RocketDock.exe ()
O4 - HKLM..\RunOnce: [WIAWizardMenu] C:\WINDOWS\System32\sti_ci.DLL (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Miranda IM.lnk = C:\Programme\Miranda IM\miranda32.exe ( )
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Thunderbird.lnk = C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launchy.lnk = C:\Programme\Launchy\Launchy.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.08 23:42:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.09.14 10:24:05 | 000,000,052 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009.09.14 10:24:02 | 000,000,071 | R--- | M] () - D:\AUTORUN_USB.INF -- [ CDFS ]
O33 - MountPoints2\{210a9635-892c-11df-b601-00a0d164140e}\Shell - "" = AutoRun
O33 - MountPoints2\{210a9635-892c-11df-b601-00a0d164140e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{210a9635-892c-11df-b601-00a0d164140e}\Shell\AutoRun\command - "" = F:\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.07.21 01:51:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.07.21 01:32:09 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
[2010.07.20 23:15:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
[2010.07.20 23:15:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.07.20 22:22:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Pavark
[2010.07.20 22:17:43 | 000,000,000 | ---D | C] -- C:\f1288204b57fe32214ea
[2010.07.20 22:08:39 | 000,000,000 | ---D | C] -- C:\f926161bc02e841229a1
[2010.07.20 22:08:10 | 000,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010.07.20 21:55:48 | 000,008,576 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\judafvawlbdf.sys
[2010.07.20 21:53:59 | 000,008,576 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\jbrywtqpnmpc.sys
[2010.07.20 21:52:33 | 000,008,576 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\jvuuvmmheqay.sys
[2010.07.20 21:14:35 | 000,008,576 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\drivers\dpxytmcuhbhw.sys
[2010.07.20 11:56:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.07.20 11:56:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.20 11:55:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.20 11:55:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.20 11:55:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.20 11:37:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.07.19 19:24:40 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2010.07.18 18:54:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shibusa Shirazu Orchestra Animepro
[2010.07.18 14:58:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Apple Computer
[2010.07.17 12:57:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shibusa Shirazu Orchestra
[2010.07.13 13:39:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\BAMF Texte
[2010.07.07 17:27:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Japanisch A1 Wortschatz
[2010.07.07 17:20:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Japanisch A1
[2010.07.07 01:09:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Creative Software
[2010.07.06 22:08:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Handy
[2010.07.06 21:54:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Sony Ericsson
[2010.07.06 21:52:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.07.06 21:50:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Sony
[2010.07.06 21:49:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Podcasts
[2010.07.06 21:49:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Media Go
[2010.07.06 21:46:28 | 000,115,752 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016unic.sys
[2010.07.06 21:46:28 | 000,114,216 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016mgmt.sys
[2010.07.06 21:46:28 | 000,110,632 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016obex.sys
[2010.07.06 21:46:28 | 000,025,512 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016nd5.sys
[2010.07.06 21:46:28 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016cr.sys
[2010.07.06 21:46:27 | 000,120,744 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016mdm.sys
[2010.07.06 21:46:27 | 000,089,256 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016bus.sys
[2010.07.06 21:46:27 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016mdfl.sys
[2010.07.06 21:46:27 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016whnt.sys
[2010.07.06 21:46:27 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016wh.sys
[2010.07.06 21:46:27 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016cmnt.sys
[2010.07.06 21:46:27 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s0016cm.sys
[2010.07.06 21:46:24 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpeAB.dll
[2010.07.06 21:44:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Sony Shared
[2010.07.06 21:44:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations
[2010.07.06 21:43:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Corporation
[2010.07.06 21:43:57 | 000,000,000 | ---D | C] -- C:\Programme\Sony
[2010.07.06 21:42:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.07.06 21:41:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.07.06 21:41:36 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.07.06 21:40:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010.07.06 21:26:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.07.06 21:26:19 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2010.07.06 21:12:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Setup
[2010.07.06 21:12:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2010.07.06 21:12:02 | 000,000,000 | ---D | C] -- C:\Programme\Sony Setup
[2010.07.06 20:57:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Sony Ericsson
[2010.07.06 20:57:10 | 000,109,864 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018unic.sys
[2010.07.06 20:57:10 | 000,106,208 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mgmt.sys
[2010.07.06 20:57:10 | 000,104,744 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018obex.sys
[2010.07.06 20:57:10 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cr.sys
[2010.07.06 20:57:09 | 000,114,728 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mdm.sys
[2010.07.06 20:57:09 | 000,026,024 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018nd5.sys
[2010.07.06 20:57:09 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018mdfl.sys
[2010.07.06 20:57:09 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cmnt.sys
[2010.07.06 20:57:09 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018cm.sys
[2010.07.06 20:57:08 | 000,086,824 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018bus.sys
[2010.07.06 20:57:08 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018whnt.sys
[2010.07.06 20:57:08 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s1018wh.sys
[2010.07.06 20:57:03 | 000,000,000 | ---D | C] -- C:\Programme\Sony Ericsson
[2010.07.06 20:57:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson
[2010.07.06 20:44:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MyPhoneExplorer
[2010.07.06 20:44:26 | 000,000,000 | ---D | C] -- C:\Programme\MyPhoneExplorer
[2010.07.03 12:24:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
[2010.07.03 12:01:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
[2010.06.29 15:56:26 | 000,285,696 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010.06.29 15:56:01 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asycfilt.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.21 01:30:05 | 011,534,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2010.07.21 01:13:11 | 000,008,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\ocxvpaqfcnpd.sys
[2010.07.21 01:12:25 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.21 01:11:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.21 01:11:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.20 23:26:49 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.07.20 23:23:45 | 006,380,996 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.07.20 22:36:30 | 000,008,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\pdpgeyijydcm.sys
[2010.07.20 22:32:58 | 000,008,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\pxohsrhfqsbf.sys
[2010.07.20 22:31:26 | 000,008,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\oqyoocrjiskd.sys
[2010.07.20 22:29:05 | 001,508,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.20 22:26:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.20 22:13:42 | 000,938,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.20 22:13:42 | 000,424,836 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.20 22:13:42 | 000,412,314 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.20 22:13:42 | 000,072,952 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.20 22:13:42 | 000,061,702 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.20 22:12:06 | 000,744,339 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PAVARK.exe
[2010.07.20 22:08:44 | 000,008,704 | ---- | M] () -- C:\WINDOWS\System32\drivers\lhcmixotatoh.sys
[2010.07.20 21:55:41 | 000,008,576 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\drivers\judafvawlbdf.sys
[2010.07.20 21:53:52 | 000,008,576 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\drivers\jbrywtqpnmpc.sys
[2010.07.20 21:52:22 | 000,008,576 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\drivers\jvuuvmmheqay.sys
[2010.07.20 21:17:30 | 000,412,178 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.07.20 21:14:22 | 000,008,576 | ---- | M] (Panda Software International) -- C:\WINDOWS\System32\drivers\dpxytmcuhbhw.sys
[2010.07.20 21:08:39 | 000,000,911 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010.07.20 20:15:28 | 071,972,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\rescue_system-common-en.iso
[2010.07.20 18:19:06 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010.07.20 11:56:04 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.20 11:37:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.18 12:32:53 | 000,026,539 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Eventbericht Shibusa Shirazu Orchestra.odt
[2010.07.18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.07.17 17:45:49 | 000,024,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lektorat.odt
[2010.07.09 11:40:46 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.09 11:40:46 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.09 11:40:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.07.06 21:46:24 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpeAB.dll
[2010.07.06 20:58:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.07.03 12:00:34 | 000,099,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.29 20:53:51 | 000,013,552 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Utopische Romane.ods
[2010.06.24 22:29:49 | 000,013,837 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu OpenDocument Text (2).odt
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.21 01:13:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\ocxvpaqfcnpd.sys
[2010.07.20 23:02:22 | 071,972,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\rescue_system-common-en.iso
[2010.07.20 22:36:34 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\pdpgeyijydcm.sys
[2010.07.20 22:33:03 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\pxohsrhfqsbf.sys
[2010.07.20 22:31:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\oqyoocrjiskd.sys
[2010.07.20 22:11:57 | 000,744,339 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PAVARK.exe
[2010.07.20 22:08:53 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\lhcmixotatoh.sys
[2010.07.20 21:08:39 | 000,000,911 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010.07.20 18:19:06 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010.07.20 11:56:04 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.17 23:37:14 | 000,026,539 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Eventbericht Shibusa Shirazu Orchestra.odt
[2010.07.08 17:56:28 | 000,024,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lektorat.odt
[2010.07.06 21:41:39 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.24 20:23:04 | 000,013,837 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu OpenDocument Text (2).odt
[2010.03.27 14:57:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.03.15 18:24:08 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.01.26 17:09:10 | 000,009,453 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.01.12 20:11:25 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008.12.07 20:19:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.10.25 20:32:54 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008.09.27 19:05:30 | 000,000,279 | ---- | C] () -- C:\WINDOWS\{19789B73-7489-4EE0-8040-6C4DD5C1AF52}_WiseFW.ini
[2008.09.26 20:54:10 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\EyeOneDp.sys
[2008.09.26 20:53:11 | 000,000,030 | ---- | C] () -- C:\WINDOWS\AutoRun.ini
[2008.09.05 22:26:33 | 000,000,063 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.08.08 23:12:54 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.08.08 23:12:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.08.08 23:12:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008.08.08 22:00:29 | 000,000,366 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.07.18 03:57:51 | 000,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008.07.18 03:57:51 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.07.09 21:57:38 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.07.09 21:57:37 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.07.09 01:13:16 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll
[2008.07.09 01:04:06 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.07.09 00:56:32 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.07.08 23:58:36 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008.07.08 23:58:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008.07.08 23:58:36 | 000,010,161 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008.07.08 23:58:36 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008.07.08 23:56:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008.07.08 23:52:53 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.07.08 23:52:53 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.07.08 23:52:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.07.08 23:52:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.07.08 23:51:58 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.07.08 21:50:27 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007.10.26 15:28:18 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.10.26 15:28:04 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.04.03 11:59:54 | 006,148,096 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll
[2007.02.20 13:59:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.02.20 13:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.02.20 13:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.02.20 13:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.02.20 13:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.02.20 13:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.02.20 13:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.02.20 13:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.02.20 13:59:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.02.20 12:24:46 | 000,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006.12.05 16:07:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\dzbryce6.dll
[2006.12.05 16:00:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll
[2006.11.20 17:25:16 | 001,343,488 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2006.11.20 17:25:02 | 004,984,832 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.14 04:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== LOP Check ==========
[2008.07.09 01:23:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ahnenblatt
[2008.07.09 20:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AI Internet Solutions
[2010.02.07 15:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Audacity
[2008.09.28 11:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Blender Foundation
[2010.07.20 23:15:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe Limited
[2008.12.07 20:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\concept design
[2008.07.09 01:05:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Pro
[2008.07.09 01:24:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\eMule
[2008.08.08 19:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\everlight
[2010.06.10 12:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FileZilla
[2010.07.20 00:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\foobar2000
[2008.09.26 21:19:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GretagMacbeth
[2010.05.15 21:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0
[2009.07.25 18:00:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\hdbADS
[2010.01.04 21:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inkscape
[2008.07.09 02:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\JAM Software
[2010.03.15 17:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\KC Softwares
[2008.07.09 01:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Launchy
[2008.07.09 01:36:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Miranda
[2009.07.25 18:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MrJobs
[2010.07.06 21:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MyPhoneExplorer
[2009.06.09 13:34:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Notepad++
[2008.12.24 14:41:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2009.06.12 16:50:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Rational
[2009.10.31 00:02:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\runic games
[2010.07.06 21:49:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony
[2010.07.07 01:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Creative Software
[2010.07.06 21:19:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Setup
[2010.07.06 21:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2010.03.28 17:55:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TerraTec
[2010.01.22 21:55:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2008.10.25 20:51:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tobit
[2008.07.09 01:27:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ubisoft
[2009.10.13 01:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2008.09.27 17:39:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Xarka Software
[2010.07.06 21:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.07.20 23:15:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2008.07.09 01:05:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2010.07.20 16:54:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IBM
[2010.01.02 20:13:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MHST
[2009.02.12 00:51:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Test Drive Unlimited
[2009.01.12 18:53:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 20 bytes -> C:\Dokumente und Einstellungen\Administrator\Desktop\PAVARK.exe:License
< End of report >
Code:
OTL Extras logfile created on: 21.07.2010 01:51:42 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 35,05 Gb Free Space | 23,52% Space Free | Partition Type: NTFS
Drive D: | 68,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KBOOK
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\concept design\onlineTV 4\onlineTV.exe" = C:\Programme\concept design\onlineTV 4\onlineTV.exe:*:Enabled:onlineTV -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\concept design\onlineTV 4\onlineTV.exe" = C:\Programme\concept design\onlineTV 4\onlineTV.exe:*:Enabled:onlineTV -- File not found
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Classic -- File not found
"C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Classic (tvtv Setup) -- File not found
"C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Classic (Auto Update) -- File not found
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\{050A783B-8DD3-41CE-A003-AEE50F01227B}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\{050A783B-8DD3-41CE-A003-AEE50F01227B}\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\InstTool.exe:*:Enabled:TerraTec Home Cinema (Setup) -- File not found
"C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Programme\Ubisoft\Prince of Persia\Prince of Persia.exe" = C:\Programme\Ubisoft\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx -- (Ubisoft)
"C:\Programme\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe" = C:\Programme\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update -- (Ubisoft)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19789B73-7489-4EE0-8040-6C4DD5C1AF52}" = SuperHTML Web Studio
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java(TM) SE Development Kit 6 Update 14
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82D8304F-73D7-4EE6-8472-D0684BAA2865}" = AGEIA PhysX v7.05.06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993A94A9-DCE3-4774-B35D-D8C74FC1E0BE}" = Royale Remixed Theme
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM-Treiber
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1B669F9-B9FE-486D-924F-D6678FDB0FD5}" = Adobe Setup
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B75932F6-EC0A-4E3A-AA7A-11AAC267B8A3}" = Adobe Creative Suite 3 Design Premium
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BDC83FD3-1A0F-46FB-8852-5E9A94294143}" = Serif PagePlus 8.0
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}" = Labtec WebCam-Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CD8F775C-F958-9788-CB1B-3A3C2EBF3BB5}" = ViiKii Desktop Plug-in
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D751B34C-058F-42EF-BE95-14EBB0D2C585}" = Dreamfall
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.50.52
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB1F228C-8D68-41A7-BEA2-D667DDB8B8B7}" = Phase 5 HTML-Editor
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0BF49E9448DA0DFB69DB9D673379652AB9087171" = Windows Driver Package - Intel net (09/26/2007 11.5.0.32)
"5D81FBED6E61194F43FF1556F43BD8309BA44634" = Windows Driver Package - Intel (NETw4x32) net (09/26/2007 11.5.0.32)
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_dba14d7ef3aa07282d2b5a7a98d902a" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Alter Ego DE_is1" = Alter Ego DE Patch
"Ant Renamer 2_is1" = Ant Renamer
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Baldur's Gate Tutu" = Baldur's Gate Tutu
"Beautiful Planet Set 1_is1" = Jigsaws Galore SE Beautiful Planet Set 1
"Blender" = Blender (remove only)
"Bryce" = Bryce 5.5c
"CDex" = CDex extraction audio
"Cinergy XS Series" = Cinergy XS Series V5.09.0304.00a
"Cosmas II Client" = Cosmas II Client v3.9.0.1
"CSEHTMLVALIDATORLITE80_is1" = CSE HTML Validator Lite v8.04
"Das große Wissensquiz_is1" = Der Brockhaus multimedial - Das große Wissensquiz
"DAZ|Studio" = DAZ|Studio 1.5.1.0
"Dia" = Dia (nur entfernen)
"Diablo II" = Diablo II
"Digital Editions" = Adobe Digital Editions
"Divine Divinity" = Divine Divinity
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EFD65E7CD7A28D00217941F33C5CA55964F96136" = Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Eye-One Match_is1" = Eye-One Match 3.6.1
"FastStone Image Viewer" = FastStone Image Viewer 3.2
"FileZilla Client" = FileZilla Client 3.3.2.1
"FileZilla Server" = FileZilla Server (remove only)
"foobar2000" = foobar2000 v1.0.1
"Foto-Mosaik_is1" = Foto-Mosaik 4.1.0
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Freelancer 1.0" = Freelancer
"HijackThis" = HijackThis 2.0.2
"hp deskjet 930c series_Driver" = hp deskjet 930c series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Beta 2
"ImageMagick 6.6.0 Q16_is1" = ImageMagick 6.6.0-5 Q16 (2010-03-15)
"Inkscape" = Inkscape 0.47
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KC Softwares SUMo_is1" = KC Softwares SUMo
"Launchy_21344213_is1" = Launchy 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.27
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Pen Tablet Driver" = Stifttablett
"Pharao" = Pharao
"phase5" = phase5
"Pointofix_is1" = Pointofix
"PROSet" = Intel(R) PRO Network Connections Drivers
"QcDrv" = Labtec® Camera-Treiber
"Rainlendar2" = Rainlendar2 (remove only)
"RealAlt_is1" = Real Alternative 1.9.0
"RocketDock_is1" = RocketDock 1.3.5
"Runic Games Torchlight" = Torchlight
"Secunia PSI" = Secunia PSI
"ST5UNST #1" = PD Particles
"ST5UNST #2" = project dogwaffle
"ST5UNST #3" = project dogwaffle (C:\Programme\project dogwaffle\)
"Stellarium_is1" = Stellarium 0.9.0
"SUPER ©" = SUPER © Version 2008.bld.30 (Mar 22, 2008)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TreeSize Free_is1" = TreeSize Free V2.2.1
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.0
"ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViiKii Desktop Plug-in
"VLC media player" = VLC media player 1.1.0
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xarka_CoolCollage_1_is1" = CoolCollage 1.0 Trial Edition
"You Don't Know Jack 4" = You Don't Know Jack 4 1.00
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.07.2010 16:46:55 | Computer Name = KBOOK | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "RegOpenKeyExW(HKLM,SYSTEM\CurrentControlSet\Services\VSS\Providers,0,KEY_ALL_ACCESS,&ptr)".
hr = 0x80070002.
Error - 20.07.2010 16:47:51 | Computer Name = KBOOK | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "RegOpenKeyExW(HKLM,SYSTEM\CurrentControlSet\Services\VSS\Providers,0,KEY_ALL_ACCESS,&ptr)".
hr = 0x80070002.
Error - 20.07.2010 16:51:51 | Computer Name = KBOOK | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "RegOpenKeyExW(HKLM,SYSTEM\CurrentControlSet\Services\VSS\Providers,0,KEY_ALL_ACCESS,&ptr)".
hr = 0x80070002.
Error - 20.07.2010 17:13:21 | Computer Name = KBOOK | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154.
Error - 20.07.2010 17:13:21 | Computer Name = KBOOK | Source = VSS | ID = 12289
Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "RegOpenKeyExW(HKLM,SYSTEM\CurrentControlSet\Services\VSS\Providers,0,KEY_ALL_ACCESS,&ptr)".
hr = 0x80070002.
Error - 20.07.2010 17:13:21 | Computer Name = KBOOK | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154.
Error - 20.07.2010 17:13:21 | Computer Name = KBOOK | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "Microsoft
Writer (Bootable State)" aufgerufene Routine "CVssWriterShim::Subscribe" ist mit
Status "0x8000ffff" (konvertiert in 0x800423f4) fehlgeschlagen.
Error - 20.07.2010 17:26:11 | Computer Name = KBOOK | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 20.07.2010 17:26:45 | Computer Name = KBOOK | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154.
Error - 20.07.2010 19:11:56 | Computer Name = KBOOK | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040154.
[ System Events ]
Error - 20.07.2010 10:38:43 | Computer Name = KBOOK | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Systemereignisbenachrichtigung" ist von folgendem, nicht
vorhandenem Dienst abhängig: EventSystem
Error - 20.07.2010 14:39:17 | Computer Name = KBOOK | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Systemereignisbenachrichtigung" ist von folgendem, nicht
vorhandenem Dienst abhängig: EventSystem
Error - 20.07.2010 16:12:33 | Computer Name = KBOOK | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706be fehlgeschlagen: Microsoft .NET Framework*2.0 Service Pack*2-Update
für Windows Server*2003 und Windows*XP x86 (KB976576)
Error - 20.07.2010 16:12:33 | Computer Name = KBOOK | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software
- Juli 2010 (KB890830)
Error - 20.07.2010 16:12:33 | Computer Name = KBOOK | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Kumulatives Sicherheitsupdate für ActiveX Killbits
für Windows XP (KB980195)
Error - 20.07.2010 16:12:33 | Computer Name = KBOOK | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706ba fehlgeschlagen: Sicherheitsupdate für Windows XP (KB980218)
Error - 20.07.2010 16:19:56 | Computer Name = KBOOK | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x800706be fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software
- Juli 2010 (KB890830)
Error - 20.07.2010 16:21:57 | Computer Name = KBOOK | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Systemereignisbenachrichtigung" ist von folgendem, nicht
vorhandenem Dienst abhängig: EventSystem
Error - 20.07.2010 16:29:50 | Computer Name = KBOOK | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Systemereignisbenachrichtigung" ist von folgendem, nicht
vorhandenem Dienst abhängig: EventSystem
Error - 20.07.2010 19:12:11 | Computer Name = KBOOK | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Systemereignisbenachrichtigung" ist von folgendem, nicht
vorhandenem Dienst abhängig: EventSystem
< End of report >
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4329
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18241
20.07.2010 16:34:23
mbam-log-2010-07-20 (16-34-23).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137713
Laufzeit: 22 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Das Ergebnis vom vollständigen Scan danach: Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4329
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18241
20.07.2010 20:36:49
mbam-log-2010-07-20 (20-36-49).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 317686
Laufzeit: 3 Stunde(n), 15 Minute(n), 49 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\PCS Diag.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Wenn noch irgendein Log fehlt, dann sagt Bescheid. Ich poste ihn noch! *grad ziemlich übermüdet vor dem PC hock* :killpc:
Vielen Dank schonmal!
Gute Nacht.
Inuki |
