Hey, thanks for the reply =)
So (before you had answered me) I gave Malwarebytes a try and, well... it detected 13 infections =\, which I then deleted right away... That also had the immediate effect that the computer now boots normally again... (apparently Spybot doesn't help the way I thought it did). But now I have the problem that I can no longer turn on the Windows Firewall, and a rundll error pops up... Besides that, I have (for quite a while now) the problem that I can't download .exe files. It always aborts immediately... so, for example, I had to enter the OTL link address into JDownloader so that I could download the program =\ Anyway... here again are the requested reports... the computer is pretty cluttered...
OTL Logfile:
OTL logfile created on: 05.12.2010 20:37:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = I:\bb\Neuer Ordner
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Programme
Drive I: | 335,34 Gb Total Space | 29,25 Gb Free Space | 8,72% Space Free | Partition Type: NTFS
Drive X: | 136,36 Gb Total Space | 136,29 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - I:\bb\Neuer Ordner\OTL.exe (OldTimer Tools)
PRC - I:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - I:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - I:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - I:\Programme\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - I:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - I:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - I:\Programme\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Programme\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Programme\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - I:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - I:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - I:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - I:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
PRC - I:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - I:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - I:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - I:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - I:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - I:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - I:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - I:\bb\Neuer Ordner\OTL.exe (OldTimer Tools)
MOD - I:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (WZCSVCImapiService) -- I:\WINDOWS\System32\aaaamoni.exe File not found
SRV - (AVG Security Toolbar Service) -- I:\Programme\AVG\AVG8\Toolbar\ToolbarBroker.exe ()
SRV - (Apple Mobile Device) -- I:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avg8emc) -- I:\Programme\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- I:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BCUService) -- I:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (NMIndexingService) -- I:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (AcrSch2Svc) -- I:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (IDriverT) -- I:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- I:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- I:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (gdrv) -- I:\WINDOWS\gdrv.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- I:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- I:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Monfilt) -- I:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- I:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (nvnetbus) -- I:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- I:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AvgMfx86) -- I:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- I:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (atksgt) -- I:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- I:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (AvgTdiX) -- I:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- I:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (timounter) -- I:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- I:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- I:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (RTLE8023xp) -- I:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AmdK8) -- I:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HDAudBus) -- I:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- I:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- I:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (PQNTDrv) -- I:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (ASPI) -- I:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (NwlnkNb) -- I:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- I:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: *{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: I:\Programme\AVG\AVG8\Firefox [2009.12.22 21:08:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: I:\Programme\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010.10.27 19:10:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: I:\Programme\Mozilla Firefox\components [2010.10.29 19:23:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: I:\Programme\Mozilla Firefox\plugins [2010.10.29 19:23:35 | 000,000,000 | ---D | M]
[2009.03.14 04:19:50 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2009.03.14 04:19:50 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2010.12.05 17:43:32 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\1jxbtbnv.default\extensions
[2010.10.15 20:28:57 | 000,000,000 | ---D | M] (DownloadHelper) -- I:\Dokumente und Einstellungen\Bannuscher\Anwendungsdaten\Mozilla\Firefox\Profiles\1jxbtbnv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.05 06:12:45 | 000,000,000 | ---D | M] (Adblock Plus) -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\1jxbtbnv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.09 00:57:47 | 000,000,000 | ---D | M] (Greasemonkey) -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\1jxbtbnv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.12.05 17:43:32 | 000,000,000 | ---D | M] -- I:\Programme\Mozilla Firefox\extensions
[2010.05.28 13:33:42 | 000,000,000 | ---D | M] (Java Console) -- I:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.28 17:43:17 | 000,000,000 | ---D | M] (Java Console) -- I:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- I:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.12 13:25:38 | 000,001,392 | ---- | M] () -- I:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 13:25:38 | 000,002,344 | ---- | M] () -- I:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 13:25:38 | 000,006,805 | ---- | M] () -- I:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 13:25:38 | 000,001,178 | ---- | M] () -- I:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 13:25:38 | 000,001,105 | ---- | M] () -- I:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2001.08.18 15:00:00 | 000,000,820 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - I:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - I:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - I:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] I:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] I:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] I:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] I:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] I:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] I:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NeroFilterCheck] I:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL File not found
O4 - HKLM..\Run: [NvMediaCenter] I:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] I:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] I:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [DAEMON Tools] I:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] I:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [uTorrent] I:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: I:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = I:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - I:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - I:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - I:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192880024328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - I:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - I:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - I:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
O30 - LSA: Authentication Packages - (relog_ap) - I:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.12.05 18:24:38 | 000,000,000 | ---D | C] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2010.12.05 18:24:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.12.05 18:24:34 | 000,000,000 | ---D | C] -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.12.05 18:24:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010.12.05 18:24:31 | 000,000,000 | ---D | C] -- I:\Programme\Malwarebytes' Anti-Malware
[2010.12.05 16:21:09 | 000,000,000 | ---D | C] -- I:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2010.12.05 13:44:39 | 000,000,000 | ---D | C] -- I:\Programme\AGEIA Technologies
[2010.12.05 13:44:39 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\AGEIA
[2010.12.05 13:44:27 | 000,000,000 | ---D | C] -- I:\Config.Msi
[2010.11.29 11:21:08 | 000,000,000 | ---D | C] -- I:\Dokumente und Einstellungen\xxx\Desktop\vd
[2010.11.27 17:53:06 | 000,000,000 | ---D | C] -- I:\Dokumente und Einstellungen\xxx\Desktop\Neuer Ordner (2)
[2010.11.25 19:23:24 | 000,000,000 | RH-D | C] -- I:\Dokumente und Einstellungen\xxx\Recent
[2010.11.25 19:14:15 | 000,000,000 | ---D | C] -- I:\Programme\CCleaner
[2010.11.25 18:12:45 | 000,018,808 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\spmsg.dll
[4 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[2 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.12.05 19:28:17 | 000,043,520 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.05 19:25:59 | 000,000,069 | ---- | M] () -- I:\WINDOWS\NeroDigital.ini
[2010.12.05 18:40:29 | 068,481,239 | ---- | M] () -- I:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.12.05 18:37:32 | 000,001,044 | ---- | M] () -- I:\WINDOWS\tasks\Google Software Updater.job
[2010.12.05 18:36:52 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010.12.05 18:24:34 | 000,000,758 | ---- | M] () -- I:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.05 18:22:40 | 000,001,324 | ---- | M] () -- I:\WINDOWS\System32\d3d9caps.dat
[2010.12.05 13:47:59 | 000,002,206 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010.12.04 23:51:54 | 000,240,592 | ---- | M] () -- I:\WINDOWS\System32\nvdrsdb0.bin
[2010.12.04 23:51:54 | 000,000,001 | ---- | M] () -- I:\WINDOWS\System32\nvdrssel.bin
[2010.12.04 23:51:50 | 000,240,592 | ---- | M] () -- I:\WINDOWS\System32\nvdrsdb1.bin
[2010.12.04 23:51:50 | 000,000,000 | ---- | M] () -- I:\WINDOWS\System32\nvdrswr.lk
[2010.12.04 23:34:55 | 000,000,552 | ---- | M] () -- I:\WINDOWS\System32\d3d8caps.dat
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010.11.29 15:02:00 | 000,000,458 | ---- | M] () -- I:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.11.25 19:14:16 | 000,000,656 | ---- | M] () -- I:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2010.11.22 23:20:57 | 000,011,939 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\R-93221-1096549178.jpg
[2010.11.22 23:20:36 | 000,063,988 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\R-21362-1287290485.jpeg
[2010.11.22 23:20:31 | 000,060,881 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\R-21362-1287290478.jpeg
[2010.11.22 22:58:00 | 039,160,687 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\41.wmv
[2010.11.22 21:18:31 | 000,002,121 | ---- | M] () -- I:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.11.22 17:18:18 | 011,745,742 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\06Boolean10a3.mp3
[2010.11.22 17:17:21 | 010,462,608 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\05Phrigstabbarely.mp3
[2010.11.22 17:16:29 | 002,033,416 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\04MySonScreams.mp3
[2010.11.22 17:16:07 | 008,126,216 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\03TwilightHeadspace.mp3
[2010.11.22 17:15:27 | 011,048,795 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\02RohevanHypnoticTechnique.mp3
[2010.11.22 17:14:22 | 008,863,914 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\01MinimumHeadspace.mp3
[2010.11.22 17:13:30 | 002,566,314 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\00BrokenDreamtracts.mp3
[2010.11.20 18:06:05 | 000,022,328 | ---- | M] () -- I:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.11.20 17:54:45 | 000,002,607 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Desktop\Microsoft Office Outlook 2003.lnk
[2010.11.20 17:23:01 | 000,000,276 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.14 17:28:05 | 010,047,955 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Eigene Dateien\Accelera Deck - innerstare.mp3
[2010.11.12 19:23:04 | 000,000,835 | ---- | M] () -- I:\Dokumente und Einstellungen\xxx\Desktop\Verknüpfung mit FalloutNVLauncher.exe.lnk
[4 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[2 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.12.05 18:24:34 | 000,000,758 | ---- | C] () -- I:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.04 23:51:54 | 000,240,592 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb0.bin
[2010.12.04 23:51:50 | 000,240,592 | ---- | C] () -- I:\WINDOWS\System32\nvdrsdb1.bin
[2010.12.04 23:51:50 | 000,000,001 | ---- | C] () -- I:\WINDOWS\System32\nvdrssel.bin
[2010.12.04 23:51:50 | 000,000,000 | ---- | C] () -- I:\WINDOWS\System32\nvdrswr.lk
[2010.12.04 23:34:55 | 000,000,552 | ---- | C] () -- I:\WINDOWS\System32\d3d8caps.dat
[2010.11.25 19:14:16 | 000,000,656 | ---- | C] () -- I:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2010.10.06 16:38:22 | 000,000,010 | ---- | C] () -- I:\WINDOWS\GSetup.ini
[2010.08.15 14:51:47 | 000,043,520 | ---- | C] () -- I:\WINDOWS\System32\CmdLineExt03.dll
[2010.08.15 14:40:08 | 000,021,840 | ---- | C] () -- I:\WINDOWS\System32\SIntfNT.dll
[2010.08.15 14:40:08 | 000,017,212 | ---- | C] () -- I:\WINDOWS\System32\SIntf32.dll
[2010.08.15 14:40:08 | 000,012,067 | ---- | C] () -- I:\WINDOWS\System32\SIntf16.dll
[2009.12.22 13:49:57 | 000,000,034 | ---- | C] () -- I:\WINDOWS\cdplayer.ini
[2009.12.19 19:21:54 | 000,000,000 | ---- | C] () -- I:\WINDOWS\SMMVSplitter.INI
[2009.08.07 18:51:34 | 000,178,430 | ---- | C] () -- I:\WINDOWS\System32\xlive.dll.cat
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- I:\WINDOWS\System32\AgCPanelFrench.dll
[2009.06.19 13:28:04 | 000,819,200 | ---- | C] () -- I:\WINDOWS\System32\xvidcore.dll
[2009.06.19 13:28:04 | 000,180,224 | ---- | C] () -- I:\WINDOWS\System32\xvidvfw.dll
[2009.06.18 12:41:22 | 000,281,760 | ---- | C] () -- I:\WINDOWS\System32\drivers\atksgt.sys
[2009.06.18 12:41:22 | 000,025,888 | ---- | C] () -- I:\WINDOWS\System32\drivers\lirsgt.sys
[2008.10.21 17:02:28 | 000,000,311 | ---- | C] () -- I:\WINDOWS\game.ini
[2008.10.07 13:33:00 | 000,286,720 | ---- | C] () -- I:\WINDOWS\System32\nvnt4cpl.dll
[2008.07.18 15:49:59 | 000,007,680 | ---- | C] () -- I:\WINDOWS\System32\ff_vfw.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- I:\WINDOWS\System32\physxcudart_20.dll
[2008.02.26 00:52:50 | 000,000,143 | ---- | C] () -- I:\Dokumente und Einstellungen\Bannuscher\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.02.25 19:52:04 | 000,022,328 | ---- | C] () -- I:\Dokumente und Einstellungen\Bannuscher\Anwendungsdaten\PnkBstrK.sys
[2008.02.15 10:42:35 | 000,716,272 | ---- | C] () -- I:\WINDOWS\System32\drivers\sptd.sys
[2007.12.11 11:20:53 | 000,004,508 | ---- | C] () -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.12.07 10:05:00 | 000,043,520 | ---- | C] () -- I:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.05 14:49:25 | 000,000,754 | ---- | C] () -- I:\WINDOWS\WORDPAD.INI
[2007.10.24 14:52:09 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2007.10.20 23:05:18 | 000,022,328 | ---- | C] () -- I:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.10.20 16:44:58 | 000,000,827 | ---- | C] () -- I:\WINDOWS\Qiii.INI
[2007.10.20 13:46:58 | 000,000,400 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2007.10.20 12:56:50 | 000,116,224 | ---- | C] () -- I:\WINDOWS\System32\redmonnt.dll
[2007.10.20 11:02:16 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- I:\WINDOWS\System32\OUTLPERF.INI
[2002.10.03 13:42:27 | 000,000,034 | ---- | C] () -- I:\WINDOWS\Q3version.ini
========== LOP Check ==========
[2007.10.20 12:19:25 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2010.03.05 17:08:14 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
[2010.10.27 19:10:53 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2010.09.18 22:03:07 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fallout3
[2010.08.15 02:37:38 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software
[2010.01.26 19:46:44 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Langenscheidt
[2010.03.29 12:40:57 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.12.10 04:06:59 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Auslogics
[2009.05.14 16:59:03 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\AVGTOOLBAR
[2010.05.13 22:13:45 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\BonkEnc
[2007.10.20 20:23:10 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\BSplayer
[2009.06.18 15:14:25 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GetRight
[2010.02.06 01:21:29 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GetRightToGo
[2010.07.29 16:15:14 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\gtk-2.0
[2009.02.25 03:15:13 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\id Software
[2010.01.26 19:46:44 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Langenscheidt
[2009.03.14 04:42:25 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\LimeWire
[2010.07.27 22:20:15 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mumble
[2009.12.25 21:11:34 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\runic games
[2010.04.20 16:07:49 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TS3Client
[2010.12.05 20:38:35 | 000,000,000 | ---D | M] -- I:\Dokumente und Einstellungen\xxx\Anwendungsdaten\uTorrent
[2010.11.29 15:02:00 | 000,000,458 | ---- | M] () -- I:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
< End of report >
and Extras
OTL Logfile:
OTL Extras logfile created on: 05.12.2010 20:37:10 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = I:\bb\Neuer Ordner
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): I:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Programme
Drive I: | 335,34 Gb Total Space | 29,25 Gb Free Space | 8,72% Space Free | Partition Type: NTFS
Drive X: | 136,36 Gb Total Space | 136,29 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Computer Name: xxx | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "I:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "I:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- I:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- I:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Programme\Grisoft\AVG7\avginet.exe" = I:\Programme\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"I:\Programme\Grisoft\AVG7\avgamsvr.exe" = I:\Programme\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"I:\Programme\Grisoft\AVG7\avgcc.exe" = I:\Programme\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"I:\Programme\Azureus\Azureus.exe" = I:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"I:\Quake III Arena\quake3.exe" = I:\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"I:\Age of Mythology\aom.exe" = I:\Age of Mythology\aom.exe:*:Enabled:Age of Mythology -- (Ensemble Studios)
"I:\Programme\iTunes\iTunes.exe" = I:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"I:\Wolfenstein - Enemy Territory\ET.exe" = I:\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- File not found
"I:\FEAR\fpupdate.exe" = I:\FEAR\fpupdate.exe:*:Enabled:fpupdate -- File not found
"I:\Programme\Steam\SteamApps\tudel\team fortress 2\hl2.exe" = I:\Programme\Steam\SteamApps\tudel\team fortress 2\hl2.exe:*:Enabled:hl2 -- File not found
"I:\Programme\AVG\AVG8\avgupd.exe" = I:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"I:\Programme\AVG\AVG8\avgemc.exe" = I:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"I:\Programme\Mozilla Firefox\firefox.exe" = I:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"I:\Dokumente und Einstellungen\xxx\Desktop\f3\F3.exe" = I:\Dokumente und Einstellungen\Bannuscher\Desktop\f3\F3.exe:*:Enabled:F3 -- File not found
"I:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe" = I:\Programme\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\WINDOWS\system32\java.exe" = I:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\Programme\Steam\steam.exe" = I:\Programme\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"I:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = I:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\FEAR\FEAR.exe" = I:\FEAR\FEAR.exe:*:Enabled:FEAR -- File not found
"I:\Dokumente und Einstellungen\Bannuscher\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 47defca0\Launcher.exe" = I:\Dokumente und Einstellungen\Bannuscher\Lokale Einstellungen\Temp\Blizzard Launcher Temporary - 47defca0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"I:\Programme\Java\jre6\bin\java.exe" = I:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\Programme\Steam\steamapps\common\defense grid demo\DefenseGridDemo.exe" = I:\Programme\Steam\steamapps\common\defense grid demo\DefenseGridDemo.exe:*:Enabled:Defense Grid: The Awakening Demo -- File not found
"I:\Programme\uTorrent\uTorrent.exe" = I:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"I:\Programme\Steam\steamapps\common\left 4 dead\left4dead.exe" = I:\Programme\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"I:\Programme\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = I:\Programme\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2BEB102E-F9CD-4881-984B-E288F66FD394}" = Quake Live Mozilla Plugin
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D2975E7-DD28-4145-811A-225140FF87F0}" = Acronis*True*Image*Home
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009.10.22
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40DED06-B52E-4970-8689-578D162638ED}" = DWGSee DWG Viewer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5098CA3-ED54-40E7-964A-B73E11AADB2A}" = Langenscheidt Vokabeltrainer 5.0 Englisch
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Mythology 1.0" = Age of Mythology
"Alien Breed 2: Assault_is1" = Alien Breed 2: Assault
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy Video Joiner_is1" = Easy Video Joiner 5.21
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Fallout 2" = Fallout 2
"Fallout New Vegas_is1" = Fallout New Vegas
"ffdshow_is1" = ffdshow [rev 2099] [2008-09-03]
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free RM to MP3 Converter_is1" = Free RM to MP3 Converter 1.12
"FreePDF_XP" = FreePDF XP (Remove only)
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
"mp3splt-gtk" = mp3splt-gtk
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PartyPokerNetDE" = PartyPoker.net
"PunkBusterSvc" = PunkBuster Services
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"RealAlt_is1" = Real Alternative 1.42
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Replay Media Catcher" = Replay Media Catcher
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Video mp3 Extractor_is1" = Video mp3 Extractor
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
[ System Events ]
Error - 05.12.2010 13:35:49 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 05.12.2010 13:38:48 | Computer Name = xxx | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst NVSvc.
Error - 05.12.2010 13:39:18 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 05.12.2010 13:41:10 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 05.12.2010 13:49:52 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 05.12.2010 13:50:08 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 05.12.2010 14:26:40 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 05.12.2010 14:27:54 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 05.12.2010 14:28:24 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 05.12.2010 14:37:10 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "MDM"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
< End of report > --- --- ---
And now Malware, before the cleanup and after it (embarrassing)
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Datenbank Version: 5243
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13
05.12.2010 18:29:50
mbam-log-2010-12-05 (18-29-50).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134848
Laufzeit: 2 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVW32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Value: id -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Value: host -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
i:\WINDOWS\system32\memgdns.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Datenbank Version: 5243
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.5730.13
05.12.2010 18:34:58
mbam-log-2010-12-05 (18-34-58).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134666
Laufzeit: 2 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)