Here is the 2nd report from OTL:
OTL Logfile:
OTL logfile created on: 07.07.2010 12:49:53 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = D:\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 387,00 Mb Available Physical Memory | 38,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): V:\pagefile.sys 4500 4500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,17 Gb Total Space | 23,46 Gb Free Space | 68,66% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 79,69 Gb Free Space | 90,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 22,06 Gb Total Space | 13,69 Gb Free Space | 62,07% Space Free | Partition Type: NTFS
Drive V: | 4,88 Gb Total Space | 0,48 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
Computer Name: ***PC
Current User Name: ***PC
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\iSaver\iSaverCtrl.exe (infoMantis GmbH)
PRC - C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe (Avira GmbH)
PRC - C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\movie - XL\j-point.exe ()
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirScheduler) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (GMSIPCI) -- K:\INSTALL\GMSIPCI.SYS File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\WINDOWS\system32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\WINDOWS\system32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\WINDOWS\system32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\WINDOWS\system32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\WINDOWS\system32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\WINDOWS\system32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (s816mdm) -- C:\WINDOWS\system32\drivers\s816mdm.sys (MCCI Corporation)
DRV - (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s816mgmt.sys (MCCI Corporation)
DRV - (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM) -- C:\WINDOWS\system32\drivers\s816unic.sys (MCCI)
DRV - (s816obex) -- C:\WINDOWS\system32\drivers\s816obex.sys (MCCI Corporation)
DRV - (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS) -- C:\WINDOWS\system32\drivers\s816nd5.sys (MCCI Corporation)
DRV - (s816mdfl) -- C:\WINDOWS\system32\drivers\s816mdfl.sys (MCCI Corporation)
DRV - (s816bus) Sony Ericsson Device 816 driver (WDM) -- C:\WINDOWS\system32\drivers\s816bus.sys (MCCI Corporation)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (RT2500) -- C:\WINDOWS\system32\drivers\RT2500.sys (Ralink Technology Inc.)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://www.arcor.de/login/login.jsp"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.17 23:20:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.30 12:22:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.30 12:22:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.03 13:39:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2010.04.03 13:41:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Mozilla\Extensions
[2010.04.03 13:41:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2007.06.21 17:08:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Mozilla\Firefox\Profiles\6432k696.default\extensions
[2010.07.07 11:50:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.06.21 16:25:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\pcwelt-cck@extensions.pcwelt.de
[2007.06.21 16:25:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\pcwelt-cck@extensions.pcwelt.de\chrome
[2007.06.21 16:25:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\pcwelt-cck@extensions.pcwelt.de\components
[2007.06.21 16:25:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\pcwelt-cck@extensions.pcwelt.de\defaults
[2007.06.21 16:25:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\pcwelt-cck@extensions.pcwelt.de\searchplugins
[2010.03.30 21:56:56 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.30 21:56:56 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.30 21:56:56 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.30 21:56:56 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.30 21:56:56 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.03.24 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll File not found
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [iSaverCtrl] C:\Programme\iSaver\iSaverCtrl.exe (infoMantis GmbH)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Programme\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\***PC\Startmenü\Programme\Autostart\movie - XL.lnk = C:\Programme\movie - XL\StartJP.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (ICQ Ltd.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***PC\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***PC\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2007.06.20 15:22:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010.07.05 22:45:25 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.07.05 22:45:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.05 01:59:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Malwarebytes
[2010.07.05 01:58:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.05 01:58:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.05 01:58:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.05 01:58:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.05 01:05:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***PC\Recent
[2010.07.05 00:33:16 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.22 17:09:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync
[2005.08.08 00:13:46 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010.07.07 11:54:54 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.07 11:50:11 | 000,000,821 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.07 11:49:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.07 11:49:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.07 11:49:32 | 000,321,846 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2010.07.06 23:01:25 | 005,505,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\***PC\NTUSER.DAT
[2010.07.06 23:01:24 | 000,064,988 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000005-00211102}.rfx
[2010.07.06 23:01:24 | 000,055,164 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000005-00211102}.rfx
[2010.07.06 23:01:24 | 000,055,164 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000005-00211102}.rfx
[2010.07.06 23:01:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.07.06 23:01:24 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.07.06 23:01:18 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***PC\ntuser.ini
[2010.07.06 18:08:30 | 000,122,368 | ---- | M] () -- D:\Eigene Dateien\TROJAN.doc
[2010.07.06 16:53:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.05 00:33:17 | 000,000,659 | ---- | M] () -- C:\Dokumente und Einstellungen\***PC\Desktop\CCleaner.lnk
[2010.07.04 20:17:26 | 000,029,696 | ---- | M] () -- D:\Eigene Dateien\***.doc neu.doc
[2010.07.04 20:07:23 | 000,027,136 | ---- | M] () -- D:\Eigene Dateien\***.doc
[2010.07.04 19:55:19 | 000,097,350 | ---- | M] () -- D:\Eigene Dateien\***.jpg
[2010.07.04 19:55:19 | 000,000,035 | ---- | M] () -- C:\WINDOWS\Ulead32.INI
[2010.07.04 19:50:34 | 000,200,468 | ---- | M] () -- D:\Eigene Dateien\***.pdf0.pdf
[2010.07.04 19:47:41 | 000,417,900 | ---- | M] () -- D:\Eigene Dateien\***.pdf.pdf
[2010.07.04 02:28:21 | 000,024,064 | ---- | M] () -- D:\Eigene Dateien\***.doc
[2010.07.02 18:03:11 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.06.22 17:18:14 | 000,405,408 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.22 17:18:14 | 000,392,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.22 17:18:14 | 000,070,542 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.22 17:18:14 | 000,058,654 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.22 17:18:13 | 000,938,970 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.22 17:11:35 | 000,002,528 | ---- | M] () -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\$_hpcst$.hpc
[2010.06.20 19:11:55 | 000,020,992 | ---- | M] () -- D:\Eigene Dateien\***.doc
[2010.06.20 19:04:13 | 000,027,136 | ---- | M] () -- D:\Eigene Dateien\***.doc
[2010.06.20 18:57:48 | 000,101,888 | ---- | M] () -- D:\Eigene Dateien\***doc2.docmit BILD.doc
[2010.06.20 18:53:48 | 000,174,080 | ---- | M] () -- D:\Eigene Dateien\***.doc2.doc
[2010.06.12 10:53:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.08 18:53:13 | 000,025,600 | ---- | M] () -- D:\Eigene Dateien\***.doc
[2010.06.08 10:21:26 | 000,140,464 | ---- | M] () -- D:\Eigene Dateien\***.pdf
[2010.06.03 18:10:34 | 000,028,672 | ---- | M] () -- C:\Dokumente und Einstellungen\***PC\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.30 14:47:55 | 000,025,600 | ---- | M] () -- D:\Eigene Dateien\***.doc
[2010.05.24 16:05:55 | 000,028,816 | ---- | M] () -- D:\Eigene Dateien\***.tif
[2010.05.24 16:04:15 | 000,041,124 | ---- | M] () -- D:\Eigene Dateien\***.tif
[2010.05.17 17:47:45 | 000,020,480 | ---- | M] () -- D:\Eigene Dateien\***.doc
[2010.05.11 12:21:53 | 000,880,673 | ---- | M] () -- D:\Eigene Dateien\***.pdf
[2010.04.30 15:22:50 | 000,021,504 | ---- | M] () -- D:\Eigene Dateien\B***.doc
[2010.04.30 15:22:00 | 000,029,696 | ---- | M] () -- D:\Eigene Dateien\***.doc
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.27 15:27:17 | 000,008,628 | -H-- | M] () -- C:\WINDOWS\System32\ZSHP1020.GID
[2010.04.27 15:27:08 | 000,974,144 | ---- | M] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:24:03 | 001,624,167 | ---- | M] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:20:38 | 001,625,866 | ---- | M] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:18:43 | 001,622,529 | ---- | M] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:03:24 | 001,765,970 | ---- | M] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:02:03 | 001,665,483 | ---- | M] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 14:46:20 | 000,650,792 | ---- | M] () -- D:\Eigene Dateien\***.pdf
[2010.04.24 17:09:49 | 000,025,600 | ---- | M] () -- D:\Eigene Dateien\***.doc
[2010.04.18 13:42:27 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.06 17:54:40 | 000,122,368 | ---- | C] () -- D:\Eigene Dateien\TROJAN.doc
[2010.07.05 01:58:54 | 000,000,681 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.05 00:33:17 | 000,000,659 | ---- | C] () -- C:\Dokumente und Einstellungen\***PC\Desktop\CCleaner.lnk
[2010.07.04 19:54:57 | 000,097,350 | ---- | C] () -- D:\Eigene Dateien\***.jpg
[2010.07.04 19:50:18 | 000,200,468 | ---- | C] () -- D:\Eigene Dateien\***.pdf0.pdf
[2010.07.04 19:47:20 | 000,417,900 | ---- | C] () -- D:\Eigene Dateien\***.pdf.pdf
[2010.07.04 02:28:20 | 000,024,064 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.06.22 17:11:35 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\$_hpcst$.hpc
[2010.06.20 18:57:47 | 000,101,888 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.06.20 18:53:48 | 000,174,080 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.06.20 18:53:13 | 000,027,136 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.06.20 18:21:15 | 000,029,696 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.06.20 17:42:29 | 000,020,992 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.06.08 10:20:37 | 000,140,464 | ---- | C] () -- D:\Eigene Dateien\***.pdf
[2010.06.08 08:58:45 | 000,025,600 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.05.30 14:47:54 | 000,025,600 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.05.24 16:05:57 | 000,028,816 | ---- | C] () -- D:\Eigene Dateien\***.tif
[2010.05.24 16:04:16 | 000,041,124 | ---- | C] () -- D:\Eigene Dateien\***.tif
[2010.05.17 17:47:44 | 000,020,480 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.05.11 12:21:27 | 000,880,673 | ---- | C] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:26:42 | 000,974,144 | ---- | C] () -- D:\Eigene Dateien\p***.pdf
[2010.04.27 15:23:36 | 001,624,167 | ---- | C] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:20:11 | 001,625,866 | ---- | C] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:18:16 | 001,622,529 | ---- | C] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:02:57 | 001,765,970 | ---- | C] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 15:01:37 | 001,665,483 | ---- | C] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 14:45:55 | 000,650,792 | ---- | C] () -- D:\Eigene Dateien\***.pdf
[2010.04.27 14:33:55 | 000,029,696 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.04.24 17:02:36 | 000,025,600 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2010.04.24 16:57:52 | 000,021,504 | ---- | C] () -- D:\Eigene Dateien\***.doc
[2009.03.25 20:06:26 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.10.29 20:57:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2008.10.29 20:22:11 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2008.10.24 23:13:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.07.11 17:02:54 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install6x.dll
[2008.06.28 00:16:15 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2007.08.29 00:22:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.28 19:17:50 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
[2007.08.28 19:15:41 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2007.08.28 19:15:41 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2007.07.18 18:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007.06.30 17:54:00 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2007.06.26 07:33:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL
[2007.06.26 07:10:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL
[2007.06.21 17:23:32 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.03.24 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006.03.24 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005.12.07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005.08.10 00:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.08.08 00:19:00 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005.08.07 23:42:12 | 000,068,135 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2005.08.07 23:42:10 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005.06.07 15:10:50 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2003.03.21 11:56:12 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
========== LOP Check ==========
[2007.06.26 09:12:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2010.07.06 20:00:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2008.03.30 16:48:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2007.06.26 07:33:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2008.01.17 01:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2008.01.17 01:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008.06.28 00:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2008.03.30 14:07:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2009.10.19 18:41:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Acronis
[2008.10.24 23:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Desktopicon
[2007.07.02 20:03:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\ICQ Toolbar
[2007.07.02 20:04:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\ICQLite
[2008.01.17 18:03:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Nokia
[2008.01.17 16:03:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Nokia Multimedia Player
[2007.11.07 17:36:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Opera
[2008.01.22 20:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\PC Suite
[2009.04.20 21:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\ScreeNet iSaver
[2008.03.30 14:07:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Sony
[2010.04.03 13:41:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Thunderbird
[2008.10.24 23:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***PC\Anwendungsdaten\Toolbars
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\ytb612_efgsip.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\***.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\psa30se_de_de.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\***.ppt:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\***.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\mp10setup.exe.part:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\***.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\***.ppt:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\***.ppt:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\Firefox Setup 1.5.0.4.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\doppelAntragJenni.xls:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\***.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\B***.doc:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\attachment_mid=w9BvdnEjODBzKUZhc2RIEE4%2BLC4batIk&uid=X05zditceWU3NoGHyW5nX38rK0tsZo1J&frame=content.pdf:KAVICHS
@Alternate Data Stream - 36 bytes -> D:\Eigene Dateien\air2mp3_setup_2.0.1.0.exe:KAVICHS
< End of report >
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.07.2010 12:49:53 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = D:\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 387,00 Mb Available Physical Memory | 38,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): V:\pagefile.sys 4500 4500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,17 Gb Total Space | 23,46 Gb Free Space | 68,66% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 79,69 Gb Free Space | 90,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 22,06 Gb Total Space | 13,69 Gb Free Space | 62,07% Space Free | Partition Type: NTFS
Drive V: | 4,88 Gb Total Space | 0,48 Gb Free Space | 9,85% Space Free | Partition Type: NTFS
Computer Name: ***PC
Current User Name: ***PC
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.)
"C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0 -- (Sony Creative Software Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink Wireless LAN
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine für Tevion
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8EF5EE9B-80B0-4124-903D-F852A54D14F7}" = movie - XL
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B2446DA3-69CB-46EA-96B0-9E1CBD4F9B50}" = iSaver
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink Wireless LAN Card
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Ashampoo WinOptimizer 2007" = Ashampoo WinOptimizer 2007
"Audiograbber" = Audiograbber 1.83 SE
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CCleaner" = CCleaner
"Creative Media Toolbox" = Creative Media Toolbox
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"FOCUS-Online-Screensaver-MAIN Screensaver" = FOCUS-Online-Screensaver-MAIN Screensaver
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1020 series" = LaserJet 1020 series
"ICQLite" = ICQ 5.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6
"Nokia PC Suite" = Nokia PC Suite
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PROSet" = Intel(R) PRO Network Connections Drivers
"QcDrv" = Logitech® Camera-Treiber
"RealPlayer 6.0" = RealPlayer
"Somikon Video Center_is1" = Somikon Video Center
"SysInfo" = Creative-Systeminformationen
"TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay
"VLC media player" = VLC media player 0.9.4
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.96-4
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"YDKJG" = YOU DON'T KNOW JACK®
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.06.2010 11:52:11 | Computer Name = ***PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul user32.dll, Version 5.1.2600.2180, Fehleradresse 0x00013685.
[ System Events ]
Error - 22.06.2010 11:20:24 | Computer Name = ***PC | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer ***,
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{99B6F3DD-3338-448D-8-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 22.06.2010 12:56:25 | Computer Name = ***PC | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "***,
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{99B6F3DD-3338-448D-8-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 22.06.2010 14:08:17 | Computer Name = ***PC | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer ***,
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{99B6F3DD-3338-448D-8-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 22.06.2010 15:08:22 | Computer Name = ***PC | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer ***,
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{99B6F3DD-3338-448D-8-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 22.06.2010 16:08:24 | Computer Name = ***PC | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer ***,
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{99B6F3DD-3338-448D-8-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 22.06.2010 17:20:24 | Computer Name = ***PC | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer***,
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{99B6F3DD-3338-448D-8-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 25.06.2010 10:32:18 | Computer Name = ***PC | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer ***,
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{99B6F3DD-3338-448D-8-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 25.06.2010 17:49:28 | Computer Name = ***PC | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer ***,
der
der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{99B6F3DD-3338-448D-8-Transport
zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error - 30.06.2010 06:56:01 | Computer Name = ***PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\D gefunden.
Error - 04.07.2010 20:09:12 | Computer Name = ***PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde
< End of report >
--- --- ---
Unfortunately, Avira AntiVir has shown me 3 more viruses of the type 'TR/Trash.Gen' [trojan], which are all located in the same path and in this mode:
In der Datei 'C:\System Volume Information\_restore{D1ED2C5F-0B15-4182-AA64-206F184A92A9}\RP1\A0000315.dll'
wurde ein Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern