Hier die Logfiles
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4052
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
08.11.2010 22:57:28
mbam-log-2010-11-08 (22-57-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 267915
Laufzeit: 2 Stunde(n), 39 Minute(n), 59 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\mustermann\Anwendungsdaten\Microsoft\svchost.exe (Backdoor.Bot) -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\usuario\Anwendungsdaten\Microsoft\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
OTL Logfile: Code:
OTL logfile created on: 08.11.2010 23:05:12 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\mustermann\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 208,47 Gb Free Space | 69,94% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 74,46 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive I: | 4,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 3,74 Gb Total Space | 3,72 Gb Free Space | 99,66% Space Free | Partition Type: FAT32
Computer Name: COMP1 | User Name: mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\mustermann\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\mustermann\Anwendungsdaten\Microsoft\Windows\shell.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
PRC - C:\Programme\PopMan\PopMan.exe (CH-Software)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\mustermann\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (pgsql-8.3) -- C:\Programme\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (MZCCntrl) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (hwdatacard) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NmPar) -- C:\WINDOWS\system32\drivers\NmPar.sys (Windows (R) 2000 DDK provider)
DRV - (nmserial) -- C:\WINDOWS\system32\drivers\NmSerial.sys (Windows (R) 2000 DDK provider)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (MACNDIS5) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys (Marmiko IT-Solutions GmbH)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (AR5523) -- C:\WINDOWS\system32\drivers\ar5523.sys (Atheros Communications, Inc.)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (nipplpt2) -- C:\WINDOWS\system32\drivers\nipplpt.sys ()
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O1 HOSTS File: ([2004.11.11 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKCU..\Run: [PopMan] C:\Programme\PopMan\PopMan.exe (CH-Software)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
F3 - HKCU WinNT: Load - (C:\DOKUME~1\mustermann\LOKALE~1\Temp\dwm.exe) - C:\DOKUME~1\mustermann\LOKALE~1\Temp\dwm.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\mustermann\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225148738781 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227364732750 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (Steuerung des DownloadManager )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Dokumente und Einstellungen\mustermann\Anwendungsdaten\Microsoft\Windows\shell.exe) - C:\Dokumente und Einstellungen\mustermann\Anwendungsdaten\Microsoft\Windows\shell.exe ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.01.27 19:04:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.01.24 03:48:50 | 000,000,041 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010.11.06 23:56:04 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2482eab0-1876-11dd-bf12-00173172c32f}\Shell - "" = AutoRun
O33 - MountPoints2\{2482eab0-1876-11dd-bf12-00173172c32f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2482eab1-1876-11dd-bf12-00173172c32f}\Shell - "" = AutoRun
O33 - MountPoints2\{2482eab1-1876-11dd-bf12-00173172c32f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{402022a6-ae37-11db-898b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{402022a6-ae37-11db-898b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{402022a6-ae37-11db-898b-806d6172696f}\Shell\AutoRun\command - "" = I:\launch.exe -- [2004.10.22 02:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{417d0112-179c-11dd-bf0d-00173172c32f}\Shell - "" = AutoRun
O33 - MountPoints2\{417d0112-179c-11dd-bf0d-00173172c32f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{417d0113-179c-11dd-bf0d-00173172c32f}\Shell - "" = AutoRun
O33 - MountPoints2\{417d0113-179c-11dd-bf0d-00173172c32f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.11.08 23:03:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mustermann\Desktop\OTL.exe
[2010.11.08 20:12:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mustermann\Anwendungsdaten\Malwarebytes
[2010.11.08 20:12:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.08 20:11:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.08 20:11:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.11.07 01:22:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.07 01:01:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.11.07 01:00:00 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.11.07 00:40:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mustermann\Desktop\MFtools
[2010.11.03 23:50:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.11.02 00:43:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mustermann\Desktop\MP3
[2010.11.02 00:36:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mustermann\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.11.02 00:36:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mustermann\Eigene Dateien\DVDVideoSoft
[2010.11.02 00:36:23 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2010.11.02 00:36:22 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.10.30 16:11:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mustermann\Anwendungsdaten\Apple Computer
[2010.10.30 16:11:44 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010.10.30 16:10:50 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.30 16:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.10.30 16:10:46 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.10.30 16:10:05 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.10.30 16:10:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.10.30 16:09:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mustermann\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.10.30 16:09:55 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.10.30 16:08:37 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.10.30 16:08:26 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.10.30 16:08:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010.10.30 16:05:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mustermann\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2008.09.04 17:33:11 | 001,459,757 | ---- | C] (Qsc) -- C:\Programme\SpeedTestInstall.exe
========== Files - Modified Within 30 Days ==========
[2010.11.08 23:00:43 | 000,205,991 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.11.08 23:00:07 | 000,009,488 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.08 22:59:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.08 22:47:51 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2010.11.08 20:12:19 | 000,000,679 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.07 01:00:01 | 000,000,594 | ---- | M] () -- C:\Dokumente und Einstellungen\mustermann\Desktop\NTREGOPT.lnk
[2010.11.07 01:00:01 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\mustermann\Desktop\ERUNT.lnk
[2010.11.06 18:48:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mustermann\Desktop\OTL.exe
[2010.11.05 01:13:58 | 000,002,367 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware SE Personal.lnk
[2010.11.05 00:26:11 | 000,471,642 | ---- | M] () -- C:\Dokumente und Einstellungen\mustermann\Desktop\Load.exe
[2010.11.04 22:32:12 | 000,002,293 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TQVault.lnk
[2010.11.03 23:50:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.03 21:24:27 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010.11.03 17:54:41 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.11.02 00:36:37 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\mustermann\Desktop\DVDVideoSoft Free Studio.lnk
[2010.10.31 20:47:20 | 000,002,271 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TQ Defiler.NET.lnk
[2010.10.31 12:56:52 | 000,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.31 12:56:52 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.31 12:56:52 | 000,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.31 12:56:52 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.30 16:28:57 | 000,036,576 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.10.30 16:10:22 | 000,001,587 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
========== Files Created - No Company Name ==========
[2010.11.08 20:12:19 | 000,000,679 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.07 01:00:01 | 000,000,594 | ---- | C] () -- C:\Dokumente und Einstellungen\mustermann\Desktop\NTREGOPT.lnk
[2010.11.07 01:00:01 | 000,000,575 | ---- | C] () -- C:\Dokumente und Einstellungen\mustermann\Desktop\ERUNT.lnk
[2010.11.04 23:30:36 | 000,471,642 | ---- | C] () -- C:\Dokumente und Einstellungen\mustermann\Desktop\Load.exe
[2010.11.02 00:36:35 | 000,000,909 | ---- | C] () -- C:\Dokumente und Einstellungen\mustermann\Desktop\DVDVideoSoft Free Studio.lnk
[2010.10.30 16:28:57 | 000,036,576 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.10.30 16:11:46 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.10.30 16:10:22 | 000,001,587 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.10.30 16:09:58 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.03.11 18:40:17 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009.11.01 01:00:10 | 000,004,985 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ojvzdisj.xda
[2009.08.19 17:45:34 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2008.12.05 21:43:18 | 000,000,258 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.08.24 14:30:15 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\mustermann\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.07.15 12:00:01 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\mustermann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.13 14:57:20 | 000,003,254 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008.06.13 14:57:20 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.06.13 14:55:15 | 000,000,649 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008.06.13 14:52:40 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.05.28 07:43:59 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008.05.28 07:41:45 | 000,018,527 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2008.05.28 07:41:44 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nippnt.dll
[2008.05.28 07:41:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\nipp95.dll
[2007.06.24 18:09:08 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2007.02.08 18:30:29 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007.02.07 13:54:38 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2007.02.05 14:37:00 | 000,000,067 | ---- | C] () -- C:\WINDOWS\drivenet.INI
[2007.01.31 20:03:44 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007.01.31 20:03:44 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007.01.31 20:03:44 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.01.30 17:18:55 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.01.30 16:48:48 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.01.30 16:30:52 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007.01.30 16:30:51 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007.01.30 13:24:18 | 000,045,614 | ---- | C] () -- C:\Dokumente und Einstellungen\mustermann\Lokale Einstellungen\Anwendungsdaten\FASTWiz.log
[2007.01.27 19:58:47 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007.01.27 18:55:37 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.01.26 14:50:45 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.01.26 14:50:44 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.01.26 14:50:42 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.01.26 14:50:41 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.01.26 14:50:39 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.01.26 14:50:39 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.11.10 10:38:44 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2005.09.08 09:55:34 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2005.04.18 07:43:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2005.01.21 12:41:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2004.10.15 17:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2003.02.05 15:31:42 | 000,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2001.10.04 13:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2000.01.20 08:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999.06.30 03:48:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[1999.01.11 03:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1996.05.14 08:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995.08.22 07:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
< End of report > --- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 08.11.2010 23:05:12 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\mustermann\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 208,47 Gb Free Space | 69,94% Space Free | Partition Type: NTFS
Drive D: | 74,53 Gb Total Space | 74,46 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive I: | 4,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 3,74 Gb Total Space | 3,72 Gb Free Space | 99,66% Space Free | Partition Type: FAT32
Computer Name: COMP1 | User Name: mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\World of Warcraft\WoW-1.12.0-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-1.12.0-enGB-downloader.exe:*:Disabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe" = C:\Programme\World of Warcraft\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-2.0.3-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.0.3-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.0.3.6299-to-2.0.5.6320-enGB-downloader.exe:*:Disabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\Avira\DriveNet\drivenet.exe" = C:\Programme\Avira\DriveNet\drivenet.exe:*:Disabled:CIA DRiVE is used to connect remote drives for maintenance and repair operations. -- (CIA DRiVE.NET)
"C:\Programme\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.0.7.6383-to-2.0.8.6403-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-2.0.3.6299-to-2.0.7.6383-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.0.3.6299-to-2.0.7.6383-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
"C:\Programme\Ventrilo\Ventrilo.exe" = C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23430AE3-6FFF-47CF-B7E7-1552FC61DF39}" = Philips Flat Panel Adjust
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{384A291D-1138-4218-A41B-87CBAE22CFBA}" = hppFaxUtility
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{7C08EEEC-8288-4C0E-BD1C-B8B9BEE360BD}" = TQVault
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A61A59E2-5499-4164-B588-470387E149C9}" = TQ Defiler.NET
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.6.8-2)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online: Die Belagerung des Düsterwalds v03.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Avira DriveNet" = Avira DriveNet 2.0
"BackgammonMasters_is1" = BackgammonMasters Client
"Diablo II" = Diablo II
"DriveNet" = DriveNet
"ERUNT_is1" = ERUNT 1.1j
"Filzip 3.0.6.93_is1" = Filzip 3.06
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mumble" = Mumble and Murmur
"Nero - Burning Rom" = Nero - Burning Rom
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client für Windows 2000
"Novell iPrint Client" = Novell iPrint Client v03.09.00
"NVIDIA Drivers" = NVIDIA Drivers
"PKR" = PKR
"PokerStars" = PokerStars
"PopMan-CH-Software_is1" = PopMan 1.2.2
"Sweepi_is1" = Sweepi 5.4.00
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Titan Poker" = Titan Poker
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.12.2009 09:32:34 | Computer Name = COMP1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung TQDefilerNET.exe, Version 1.1.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 27.12.2009 09:54:35 | Computer Name = COMP1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung TQDefilerNET.exe, Version 1.1.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 20.01.2010 14:19:10 | Computer Name = COMP1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung TQDefilerNET.exe, Version 1.1.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 24.01.2010 16:56:34 | Computer Name = COMP1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung TQDefilerNET.exe, Version 1.1.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 31.01.2010 12:41:31 | Computer Name = COMP1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Tqit.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 31.01.2010 12:41:56 | Computer Name = COMP1 | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich 344138440.
Error - 15.02.2010 18:24:00 | Computer Name = COMP1 | Source = MsiInstaller | ID = 11706
Description = Product: TQVault -- Error 1706. An installation package for the product
TQVault cannot be found. Try the installation again using a valid copy of the installation
package 'Setup.msi'.
Error - 15.02.2010 18:27:19 | Computer Name = COMP1 | Source = MsiInstaller | ID = 11706
Description = Product: TQVault -- Error 1706. An installation package for the product
TQVault cannot be found. Try the installation again using a valid copy of the installation
package 'Setup.msi'.
Error - 15.02.2010 18:46:47 | Computer Name = COMP1 | Source = MsiInstaller | ID = 11706
Description = Product: TQVault -- Error 1706. An installation package for the product
TQVault cannot be found. Try the installation again using a valid copy of the installation
package 'Setup.msi'.
Error - 20.02.2010 09:49:38 | Computer Name = COMP1 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Tqit.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 04.11.2010 18:38:05 | Computer Name = COMP1 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x8024002d fehlgeschlagen: Microsoft Office 2003 Service Pack 3 (SP3)
Error - 04.11.2010 19:36:00 | Computer Name = COMP1 | Source = Service Control Manager | ID = 7034
Description = Dienst "Sygate Personal Firewall" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 06.11.2010 08:47:27 | Computer Name = COMP1 | Source = Service Control Manager | ID = 7034
Description = Dienst "Sygate Personal Firewall" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 06.11.2010 19:33:04 | Computer Name = COMP1 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.
< End of report > --- --- ---
Es gab noch 2 Fehlermeldungen während des Hochfahrens von mbam. die lauteten
vbAccellerator SGRID control runtime error = 0
vbAccellerator SGRID control runtime error = 440
Wegen der fehlenden firewall und des nicht funktionsfähigen Internet browsers hatte ich den router abgeschaltet. War mir nicht sicher ob der an oder aus sein sollte...
Des weiteren sind vielleicht noch folgende Fehlermeldungen beim Hochfahren des Rechners interessant, die es vorher nicht gab :
Dokumente/mustermann/lokaledateien/temp/dwm.exe konnte nicht gefunden werden
Sygate Agent Firewall hat einen Fehler festgestellt und musste beendet werden
Vielen Dank schon mal für weitere Hilfe! |