Hi,
Danke für die schnelle Antwort, hier der Malware Scan: Code:
2012/07/24 08:44:27 +0200 BENUTZER-5FD411 MESSAGE Executing scheduled update: Daily
2012/07/24 08:44:27 +0200 BENUTZER-5FD411 ERROR Scheduled update failed: Host not found failed with error code 0
2012/07/24 08:50:52 +0200 BENUTZER-5FD411 Besitzer MESSAGE Starting protection
2012/07/24 08:50:59 +0200 BENUTZER-5FD411 Besitzer MESSAGE Protection started successfully
2012/07/24 08:51:02 +0200 BENUTZER-5FD411 Besitzer MESSAGE Starting IP protection
2012/07/24 08:51:04 +0200 BENUTZER-5FD411 Besitzer MESSAGE IP Protection started successfully
und OTL:
OTL EXTRAS Logfile: Code:
OTL logfile created on: 24.07.2012 10:44:07 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 77,87% Memory free
5,09 Gb Paging File | 4,53 Gb Available in Paging File | 88,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 409,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
Drive D: | 533,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,84 Gb Total Space | 1,82 Gb Free Space | 98,82% Space Free | Partition Type: FAT
Computer Name: BENUTZER-5FD411 | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Norman\nvc\bin\nvcoas.exe (Norman ASA)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Programme\Norman\nvc\bin\nhs.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Norman\Npm\Bin\zlh.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\njeeves.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Norman\Ngs\Bin\nnf.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)
PRC - C:\Programme\Norman\Ngs\Bin\nprosec.exe (Norman ASA)
PRC - C:\Programme\Norman\nvc\bin\cclaw.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
PRC - C:\Programme\Norman\Nse\Bin\nsesvc.exe (Norman ASA)
PRC - C:\Programme\Norman\Npc\Bin\nuaa.exe (Norman ASA)
PRC - C:\Programme\Norman\Npf\Bin\npfsvc32.exe (Norman ASA)
PRC - C:\Programme\Norman\Npc\Bin\npcsvc32.exe (Norman ASA)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\rool0_pk.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HD-LogRotatorService\3c6d0c1ef8cb45a912bc2974875f5bf6\HD-LogRotatorService.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programme\Norman\nvc\bin\nhs.exe ()
MOD - C:\Programme\Norman\Npm\Bin\njeeves.exe ()
MOD - C:\Programme\Norman\Npm\Bin\noemrc.dll ()
MOD - C:\Programme\Norman\nvc\bin\ndlg.dll ()
MOD - C:\Programme\Norman\Npm\Bin\libxml2.dll ()
MOD - C:\Programme\Norman\Npm\Bin\nqtcore4.dll ()
MOD - C:\Programme\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Programme\Norman\Npm\Bin\lua.dll ()
MOD - C:\Programme\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (nvcoas) -- C:\Programme\Norman\nvc\bin\nvcoas.exe (Norman ASA)
SRV - (BstHdLogRotatorSvc) -- C:\Programme\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Programme\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (NHS) -- C:\Programme\Norman\nvc\bin\nhs.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA)
SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\njeeves.exe ()
SRV - (NNFSVC) -- C:\Programme\Norman\Ngs\Bin\nnf.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
SRV - (NVOY) -- C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Programme\Norman\Ngs\Bin\nprosec.exe (Norman ASA)
SRV - (Scheduler) -- C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (nsesvc) -- C:\Programme\Norman\Nse\Bin\nsesvc.exe (Norman ASA)
SRV - (NUAA) -- C:\Programme\Norman\Npc\Bin\nuaa.exe (Norman ASA)
SRV - (NPFSvc32) -- C:\Programme\Norman\Npf\Bin\npfsvc32.exe (Norman ASA)
SRV - (NPC) -- C:\Programme\Norman\Npc\Bin\npcsvc32.exe (Norman ASA)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EverestDriver) -- c:\cpustab\kerneld.wnt File not found
DRV - (cpuz135) -- C:\DOKUME~1\Besitzer\LOKALE~1\Temp\cpuz135\cpuz135_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (BstHdDrv) -- C:\Programme\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nregsec) -- C:\Programme\Norman\Ngs\Bin\nregsec.sys (Norman ASA)
DRV - (NPROSEC) -- C:\Programme\Norman\Ngs\Bin\nprosec.sys (Norman ASA)
DRV - (NGS) -- c:\Programme\Norman\Ngs\Bin\ngs.sys (Norman ASA)
DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\ndiskio.sys (Norman ASA)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (TDI_RD) -- C:\WINDOWS\system32\drivers\tdi_rd.sys (Norman ASA)
DRV - (NDIS_RD) -- C:\WINDOWS\System32\drivers\ndis_rd.sys (Norman ASA)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (fwlanusbn) -- C:\WINDOWS\system32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\OVSound2.sys (Microsoft Corporation)
DRV - (QCAbsee) Logitech QuickCam Web (0801) -- C:\WINDOWS\system32\drivers\OVCA.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{435BA806-9EFA-493B-953A-C2EA7300C77F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Programme\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2011.11.09 19:44:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.01 13:12:55 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Programme\mozilla firefox\plugins\npmieze.dll
[2012.06.13 10:14:23 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NPCTray] C:\Programme\Norman\npc\bin\npc_tray.exe (Norman ASA)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Programme\Norman\npc\bin\nlf.dll (Norman ASA)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.21 11:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002.08.29 14:00:00 | 000,000,112 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{802cca42-ee10-11de-88e0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{802cca42-ee10-11de-88e0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{802cca42-ee10-11de-88e0-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2002.08.29 14:00:00 | 002,580,480 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{9cdad480-9371-11e1-89e1-a0d6153ed3fb}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdad480-9371-11e1-89e1-a0d6153ed3fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cdad480-9371-11e1-89e1-a0d6153ed3fb}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.24 10:37:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.07.24 08:56:58 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.23 13:33:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
[2012.07.23 13:32:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.23 13:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.23 13:32:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.23 13:32:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.20 21:22:16 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.18 03:05:08 | 000,000,000 | ---D | C] -- C:\Programme\Konami
[2012.07.10 23:09:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\riotsGamesLogs
[2012.07.01 17:51:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\InstallShare
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.24 08:58:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.24 08:50:49 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.07.24 08:44:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.23 13:47:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.07.23 13:32:38 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.23 13:14:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.21 13:09:24 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kp_0loor.pad
[2012.07.21 03:44:21 | 000,000,029 | ---- | M] () -- C:\WINDOWS\SMEIST.INI
[2012.07.20 17:14:24 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.20 11:29:12 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.07.19 00:01:26 | 000,000,040 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zksikmgxgmrotpr
[2012.07.13 18:52:31 | 000,140,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Running_Order_2012.pdf
[2012.07.11 09:50:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.11 09:50:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.11 09:48:54 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.11 00:19:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.27 14:42:01 | 000,046,816 | ---- | M] (Norman ASA) -- C:\WINDOWS\System32\drivers\nvcw32mf.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.23 13:32:38 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.23 13:32:30 | 006,803,700 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\rules.ref
[2012.07.20 17:14:24 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kp_0loor.pad
[2012.07.20 17:14:24 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.19 00:01:26 | 000,000,040 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zksikmgxgmrotpr
[2012.07.13 18:52:31 | 000,140,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Running_Order_2012.pdf
[2012.06.18 18:59:54 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2012.06.18 18:59:54 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2012.06.18 18:59:41 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\$_hpcst$.hpc
[2012.06.06 17:56:06 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2012.06.01 13:52:18 | 000,076,226 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\final_bstSnapshot_52091.jpg
[2012.05.28 20:13:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2012.05.01 11:40:12 | 000,016,037 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwlanusbn.bin
[2012.04.29 20:05:14 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2011.10.11 15:23:03 | 000,000,029 | ---- | C] () -- C:\WINDOWS\SMEIST.INI
< End of report >
--- --- ---
und Nummer 2 (Extras):
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 24.07.2012 10:44:07 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 77,87% Memory free
5,09 Gb Paging File | 4,53 Gb Available in Paging File | 88,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 409,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
Drive D: | 533,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,84 Gb Total Space | 1,82 Gb Free Space | 98,82% Space Free | Partition Type: FAT
Computer Name: BENUTZER-5FD411 | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Sierra\Empire Earth\Launcher.exe" = C:\Sierra\Empire Earth\Launcher.exe:*:Enabled:Empire Earth -- ()
"C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" = C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi
"C:\Program Files\ASUS\Ai Suite\AiSuite.exe" = C:\Program Files\ASUS\Ai Suite\AiSuite.exe:*:Enabled:AI Suite v1.03.17
"C:\Sierra\Empire Earth\Empire Earth.exe" = C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- ()
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam
"C:\Programme\Steam\SteamApps\common\call of duty black ops\BlackOps.exe" = C:\Programme\Steam\SteamApps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops
"C:\Programme\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe" = C:\Programme\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{5C83944D-5319-4AD6-A803-C08446B27596}" = BlueStacks
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RealPlayer 15.0" = RealPlayer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.07.2012 16:06:42 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:42] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:42 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:42] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:43 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:43] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:43 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:43] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:44 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:44] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:44 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:44] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:45 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:45] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:45 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:45] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:46 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:46] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/ZBot.VAL'
Error - 21.07.2012 08:18:27 | Computer Name = BENUTZER-5FD411 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ntvdm.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
[ System Events ]
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:03 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
< End of report >
--- --- ---
Edit:
Habe beim OTL Scan die Einstellungen übersehen hier nochma neu: Code:
OTL logfile created on: 24.07.2012 11:05:53 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 77,53% Memory free
5,09 Gb Paging File | 4,50 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 409,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
Drive D: | 533,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: BENUTZER-5FD411 | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found
PRC - C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Norman\nvc\bin\nvcoas.exe (Norman ASA)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Programme\Norman\nvc\bin\nhs.exe ()
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Norman\Npm\Bin\zlh.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\njeeves.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Norman\Ngs\Bin\nnf.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)
PRC - C:\Programme\Norman\Ngs\Bin\nprosec.exe (Norman ASA)
PRC - C:\Programme\Norman\nvc\bin\cclaw.exe (Norman ASA)
PRC - C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
PRC - C:\Programme\Norman\Nse\Bin\nsesvc.exe (Norman ASA)
PRC - C:\Programme\Norman\Npc\Bin\nuaa.exe (Norman ASA)
PRC - C:\Programme\Norman\Npf\Bin\npfsvc32.exe (Norman ASA)
PRC - C:\Programme\Norman\Npc\Bin\npcsvc32.exe (Norman ASA)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\rool0_pk.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\HD-LogRotatorService\3c6d0c1ef8cb45a912bc2974875f5bf6\HD-LogRotatorService.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Programme\Norman\nvc\bin\nhs.exe ()
MOD - C:\Programme\Norman\Npm\Bin\njeeves.exe ()
MOD - C:\Programme\Norman\Npm\Bin\noemrc.dll ()
MOD - C:\Programme\Norman\nvc\bin\ndlg.dll ()
MOD - C:\Programme\Norman\Npm\Bin\libxml2.dll ()
MOD - C:\Programme\Norman\Npm\Bin\nqtcore4.dll ()
MOD - C:\Programme\Norman\Npm\Bin\lua.dll ()
MOD - C:\Programme\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll ()
MOD - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (nvcoas) -- C:\Programme\Norman\nvc\bin\nvcoas.exe (Norman ASA)
SRV - (BstHdLogRotatorSvc) -- C:\Programme\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Programme\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (NHS) -- C:\Programme\Norman\nvc\bin\nhs.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\zanda.exe (Norman ASA)
SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\njeeves.exe ()
SRV - (NNFSVC) -- C:\Programme\Norman\Ngs\Bin\nnf.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA)
SRV - (NVOY) -- C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Programme\Norman\Ngs\Bin\nprosec.exe (Norman ASA)
SRV - (Scheduler) -- C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (nsesvc) -- C:\Programme\Norman\Nse\Bin\nsesvc.exe (Norman ASA)
SRV - (NUAA) -- C:\Programme\Norman\Npc\Bin\nuaa.exe (Norman ASA)
SRV - (NPFSvc32) -- C:\Programme\Norman\Npf\Bin\npfsvc32.exe (Norman ASA)
SRV - (NPC) -- C:\Programme\Norman\Npc\Bin\npcsvc32.exe (Norman ASA)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (EverestDriver) -- c:\cpustab\kerneld.wnt File not found
DRV - (cpuz135) -- C:\DOKUME~1\Besitzer\LOKALE~1\Temp\cpuz135\cpuz135_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (BstHdDrv) -- C:\Programme\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nregsec) -- C:\Programme\Norman\Ngs\Bin\nregsec.sys (Norman ASA)
DRV - (NPROSEC) -- C:\Programme\Norman\Ngs\Bin\nprosec.sys (Norman ASA)
DRV - (NGS) -- c:\Programme\Norman\Ngs\Bin\ngs.sys (Norman ASA)
DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\ndiskio.sys (Norman ASA)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (TDI_RD) -- C:\WINDOWS\system32\drivers\tdi_rd.sys (Norman ASA)
DRV - (NDIS_RD) -- C:\WINDOWS\System32\drivers\ndis_rd.sys (Norman ASA)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (fwlanusbn) -- C:\WINDOWS\system32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\OVSound2.sys (Microsoft Corporation)
DRV - (QCAbsee) Logitech QuickCam Web (0801) -- C:\WINDOWS\system32\drivers\OVCA.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{435BA806-9EFA-493B-953A-C2EA7300C77F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Programme\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2011.11.09 19:44:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.01 13:12:55 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Programme\mozilla firefox\plugins\npmieze.dll
[2012.06.13 10:14:23 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NPCTray] C:\Programme\Norman\npc\bin\npc_tray.exe (Norman ASA)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Programme\Norman\npc\bin\nlf.dll (Norman ASA)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.21 11:20:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002.08.29 14:00:00 | 000,000,112 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{802cca42-ee10-11de-88e0-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{802cca42-ee10-11de-88e0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{802cca42-ee10-11de-88e0-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2002.08.29 14:00:00 | 002,580,480 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{9cdad480-9371-11e1-89e1-a0d6153ed3fb}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdad480-9371-11e1-89e1-a0d6153ed3fb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9cdad480-9371-11e1-89e1-a0d6153ed3fb}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.24 10:37:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.07.24 08:56:58 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.23 13:33:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
[2012.07.23 13:32:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.23 13:32:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.23 13:32:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.23 13:32:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.20 21:22:16 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.18 03:05:08 | 000,000,000 | ---D | C] -- C:\Programme\Konami
[2012.07.10 23:09:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\riotsGamesLogs
[2012.07.01 17:51:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\InstallShare
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.24 08:58:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.24 08:50:49 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.07.24 08:44:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.23 13:47:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.07.23 13:32:38 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.23 13:14:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.21 13:09:24 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kp_0loor.pad
[2012.07.21 03:44:21 | 000,000,029 | ---- | M] () -- C:\WINDOWS\SMEIST.INI
[2012.07.20 17:14:24 | 000,001,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.20 11:29:12 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.07.19 00:01:26 | 000,000,040 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zksikmgxgmrotpr
[2012.07.13 18:52:31 | 000,140,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Running_Order_2012.pdf
[2012.07.11 09:50:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.07.11 09:50:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.07.11 09:48:54 | 000,134,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.11 00:19:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.27 14:42:01 | 000,046,816 | ---- | M] (Norman ASA) -- C:\WINDOWS\System32\drivers\nvcw32mf.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.23 13:32:38 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.23 13:32:30 | 006,803,700 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\rules.ref
[2012.07.20 17:14:24 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kp_0loor.pad
[2012.07.20 17:14:24 | 000,001,616 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.19 00:01:26 | 000,000,040 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\zksikmgxgmrotpr
[2012.07.13 18:52:31 | 000,140,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Running_Order_2012.pdf
[2012.06.18 18:59:54 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2012.06.18 18:59:54 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2012.06.18 18:59:41 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\$_hpcst$.hpc
[2012.06.06 17:56:06 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2012.06.01 13:52:18 | 000,076,226 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\final_bstSnapshot_52091.jpg
[2012.05.28 20:13:18 | 000,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2012.05.01 11:40:12 | 000,016,037 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwlanusbn.bin
[2012.04.29 20:05:14 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2011.10.11 15:23:03 | 000,000,029 | ---- | C] () -- C:\WINDOWS\SMEIST.INI
========== LOP Check ==========
[2012.06.01 13:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BlueStacks
[2012.01.24 19:49:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012.06.18 19:01:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.06.18 11:58:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2012.06.08 12:46:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DesktopIconForAmazon
[2011.12.03 11:27:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoft
[2011.12.03 11:27:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.07.18 13:29:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ICQ
[2010.08.11 19:49:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Leadertech
[2012.06.03 10:29:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\loadtbs
[2012.05.22 14:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\LolClient
[2012.05.24 08:11:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\LolClient2
[2010.05.15 18:03:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mumble
[2012.06.06 17:55:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OCS
[2010.08.20 19:36:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org
[2012.06.06 17:56:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Opera
[2012.05.29 22:49:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Oracle
[2012.06.18 19:01:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\PC Suite
[2012.06.25 00:42:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Samsung
[2010.04.24 18:41:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\TS3Client
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 24.07.2012 11:05:53 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 77,53% Memory free
5,09 Gb Paging File | 4,50 Gb Available in Paging File | 88,45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 409,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
Drive D: | 533,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: BENUTZER-5FD411 | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Sierra\Empire Earth\Launcher.exe" = C:\Sierra\Empire Earth\Launcher.exe:*:Enabled:Empire Earth -- ()
"C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" = C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi
"C:\Program Files\ASUS\Ai Suite\AiSuite.exe" = C:\Program Files\ASUS\Ai Suite\AiSuite.exe:*:Enabled:AI Suite v1.03.17
"C:\Sierra\Empire Earth\Empire Earth.exe" = C:\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- ()
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam
"C:\Programme\Steam\SteamApps\common\call of duty black ops\BlackOps.exe" = C:\Programme\Steam\SteamApps\common\call of duty black ops\BlackOps.exe:*:Enabled:Call of Duty: Black Ops
"C:\Programme\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe" = C:\Programme\Steam\SteamApps\common\call of duty black ops\BlackOpsMP.exe:*:Enabled:Call of Duty: Black Ops - Multiplayer
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{5C83944D-5319-4AD6-A803-C08446B27596}" = BlueStacks
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"RealPlayer 15.0" = RealPlayer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.07.2012 16:06:42 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:42] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:42 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:42] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:43 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:43] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:43 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:43] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:44 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:44] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:44 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:44] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:45 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:45] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:45 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:45] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/Krypt.FO'
Error - 20.07.2012 16:06:46 | Computer Name = BENUTZER-5FD411 | Source = NormanNPT | ID = 131073
Description = Event message [2012/07/20 22:06:46] --------------------------------------------------------
Application:
On-demand scanner Node address: 00000000:000000000000 --------------------------------------------------------
Warning:
Virus Virus name: 'W32/ZBot.VAL'
Error - 21.07.2012 08:18:27 | Computer Name = BENUTZER-5FD411 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ntvdm.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x00012afb.
[ System Events ]
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:02 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
Error - 23.07.2012 07:44:03 | Computer Name = BENUTZER-5FD411 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126
< End of report >
|
