| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Windows Crashes Deliverer" meldet verschiedene Virus-WarnungenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.07.2011, 18:39
| #1 |
| |  "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Hallo  Bei mir hat sich vor kurzem beim Aufruf einer Seite, auf einmal ein Fenster geöffnet, dass mir angezeigt hat, dass sich auf meinem PC über 20 Viren befinden. Danach meldete sich ein Programm mit dem Namen "Windows Crashes Deliverer", dass ein Systemcheck machen und Updates installieren wollte. Zusätzlich öffneten sich auch noch ständig "Warning!"-Fenster, die mir anzeigten, dass sich Viren auf meinem System befinden und in welchem Verzeichnis diese sind. Die Viren hatten u.a. die Bezeichnungen: - Trojan.MSIL.Agent - Trojan-Downloader.Win32.Agent - Virus.Win32.Sality AntiVir, dass ich installiert hatte, hat jedoch keinen der Viren finden oder entfernen können. Ich habe als ziemliche Computerlaie keine Ahnung was ich machen soll. Habe auch schon die Virenkennzeichunungen gegooglet, weiß jedoch nicht welcher Seite ich trauen kann. Verwende im übrigen Windows XP. Hoffe auf Hilfe und liebe Grüße  |
|
11.07.2011, 19:25
| #2 |
| /// TB-Ausbilder   | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Mein Name ist M-K-D-B und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Schritt # 1: rKill verwenden Downloade Dir bitte rKill ( by Grinler ) von einem dieser Downloadspiegel.und speichere die Datei auf dem Desktop.
Schritt # 2: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM) Downloade Dir bitte Malwarebytes' Anti-Malware
Schritt # 3: Stoppen von Treibern mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button. Schritt # 4: GMER Rootkitscan Bitte
Schritt # 5: Benutzerdefinierter Scan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
svchost.exe
ctfmon.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
Schritt # 6: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
|
13.07.2011, 13:27
| #3 |
| | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Ich habe jetzt rKill installiert und es hat sich auch das schwarze Fenster geöffnet. Allerdings kam wenig später folgende Meldung:
__________________Code:
ATTFilter This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 13.07.2011 at 13:51:23.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
Rkill completed on 13.07.2011 at 13:51:30.
Code:
ATTFilter Ein Fehler ist aufgetreten, bitte geben Sie den folgenden Fehlercode an das Malwarebytes' Antimaleware Support-Team weiter.
PROGRAM_ERROR_UPDATING (11001, 0, Host not found)
Der angegebene Host ist unbekannt.
Das kam als Logdatei dabei raus: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 6705
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
13.07.2011 14:19:08
mbam-log-2011-07-13 (14-19-08).txt
Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 84868
Laufzeit: 20 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\dokumente und einstellungen\Maike\anwendungsdaten\microsoft\nldibg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Maike\anwendungsdaten\microsoft\pimujn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Maike\eigene dateien\downloads\freesystemscan.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Maike\lokale einstellungen\anwendungsdaten\Mozilla\Firefox\Profiles\yshxoyxc.default\Cache\6e09f2dcd01 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
|
|
13.07.2011, 19:07
| #4 |
| /// TB-Ausbilder | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Hallo Chleo, führe bitte noch Defogger, GMER und OTL wie beschrieben aus und poste die Logfiles. Vielen Dank. |
|
13.07.2011, 23:06
| #5 |
| | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Okay, hier erstmal das Logfile von defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:30 on 13/07/2011 (Rolf)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
|
|
13.07.2011, 23:07
| #6 |
| | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Gmer: Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-13 23:42:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD2500JD-55HBB0 rev.08.02D08
Running: 75tmzi8f.exe; Driver: C:\DOKUME~1\Rolf\LOKALE~1\Temp\ugldrpob.sys
---- System - GMER 1.0.15 ----
SSDT F7C515CE ZwCreateKey
SSDT F7C515C4 ZwCreateThread
SSDT F7C515D3 ZwDeleteKey
SSDT F7C515DD ZwDeleteValueKey
SSDT F7C515E2 ZwLoadKey
SSDT F7C515B0 ZwOpenProcess
SSDT F7C515B5 ZwOpenThread
SSDT F7C515EC ZwReplaceKey
SSDT F7C515E7 ZwRestoreKey
SSDT F7C515D8 ZwSetValueKey
---- Kernel code sections - GMER 1.0.15 ----
.vmp2 C:\WINDOWS\system32\drivers\acedrv11.sys entry point in ".vmp2" section [0xEC68869D]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
|
13.07.2011, 23:14
| #7 |
| | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen OTL: 1.) OTL.Txt Code:
ATTFilter OTL logfile created on: 13.07.2011 23:51:31 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Dokumente und Einstellungen\Rolf\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,36 Mb Total Physical Memory | 438,86 Mb Available Physical Memory | 42,88% Memory free 2,41 Gb Paging File | 1,92 Gb Available in Paging File | 79,63% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,88 Gb Total Space | 155,20 Gb Free Space | 66,64% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive F: | 1,81 Gb Total Space | 1,56 Gb Free Space | 86,07% Space Free | Partition Type: FAT Computer Name: RSA | User Name: Rolf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.13 22:31:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rolf\Desktop\OTL.exe PRC - [2011.04.27 13:05:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.01 15:23:43 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.01.21 16:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2010.11.07 11:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe PRC - [2010.11.06 13:31:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.05.21 01:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 01:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.02.18 12:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.07.13 13:33:14 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmon.exe PRC - [2006.07.13 13:26:10 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark 1200 Series\lxczbmgr.exe PRC - [2004.08.04 01:58:14 | 000,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slserv.exe PRC - [2004.07.30 15:10:00 | 001,123,840 | ---- | M] (Pinnacle Systems GmbH.) -- C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe PRC - [2004.05.06 15:14:30 | 000,772,096 | ---- | M] (Pinnacle Systems) -- C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe PRC - [2003.08.19 17:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\lxbkbmon.exe PRC - [2003.08.19 16:51:44 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe PRC - [2003.03.19 11:55:54 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe ========== Modules (SafeList) ========== MOD - [2011.07.13 22:31:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rolf\Desktop\OTL.exe MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2006.05.03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.27 13:05:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.01 15:23:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2004.10.26 10:46:02 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Service\Software Jukebox v2.0 Service File.exe -- (Software Jukebox v2.0 Service) SRV - [2004.08.04 01:58:14 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService) SRV - [2003.03.19 11:55:54 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - [2011.04.01 15:23:44 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.05 11:50:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2009.12.08 21:24:26 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- c:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103) DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008.04.13 20:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus) DRV - [2008.02.21 05:13:40 | 000,252,928 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2007.05.02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007.05.02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007.05.02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2004.09.29 14:22:22 | 000,800,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2004.09.13 17:03:36 | 001,266,752 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax) DRV - [2004.08.09 14:27:18 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004.08.03 23:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal) DRV - [2004.08.03 23:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup) DRV - [2004.08.03 23:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr) DRV - [2004.08.03 23:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax) DRV - [2004.08.03 23:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5) DRV - [2004.08.03 23:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent) DRV - [2004.08.03 23:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm) DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2004.08.03 11:10:34 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv) DRV - [2004.07.08 13:12:00 | 000,519,808 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2004.07.06 17:06:46 | 000,188,416 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw) DRV - [2004.03.17 15:10:40 | 000,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService) DRV - [2003.11.28 18:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K) DRV - [2003.08.01 14:47:24 | 000,029,239 | ---- | M] (Pinnacle Systems) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vobid.sys -- (VOBID) DRV - [2003.01.23 00:54:48 | 000,169,088 | R--- | M] (YAMAHA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=8c09e4bc000000000000001fcf121e41&tlver=1.4.19.19&ss=1&affID=17395 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=8c09e4bc000000000000001fcf121e41&tlver=1.4.19.19&ss=1&affID=17395 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.2.1:80 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=8c09e4bc000000000000001fcf121e41&tlver=1.4.19.19&ss=1&affID=17395" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=8c09e4bc000000000000001fcf121e41&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.03 15:36:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.23 23:41:07 | 000,000,000 | ---D | M] [2010.01.21 19:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Mozilla\Extensions [2011.03.23 23:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Mozilla\Firefox\Profiles\d0dxqoyb.default\extensions [2011.03.23 23:36:27 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Mozilla\Firefox\Profiles\d0dxqoyb.default\extensions\ffxtlbr@babylon.com [2011.03.23 23:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.22 16:57:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.01.22 16:57:30 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.01.22 16:57:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.23 23:36:28 | 000,002,428 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BabylonToolbar] C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [Cmaudio] File not found O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Programme\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKCU..\Run: [InstantTray] C:\Programme\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe (Pinnacle Systems) O4 - HKCU..\Run: [IW_Drop_Icon] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe (Pinnacle Systems GmbH.) O4 - HKCU..\Run: [RegistryBooster] C:\Programme\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Dokumente und Einstellungen\Rolf\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Rolf\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Rolf\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.10.26 09:56:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{830bc546-28a8-11d9-a134-001109864a49}\Shell\AutoRun\command - "" = K:\setupSNK.exe O33 - MountPoints2\{9fa271e0-28b0-11d9-a135-001109864a49}\Shell\AutoRun\command - "" = L:\setupSNK.exe O33 - MountPoints2\{b818349b-2984-11d9-a139-806d6172696f}\Shell\AutoRun\command - "" = G:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1 ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.13 23:43:44 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rolf\Desktop\OTL.exe [2011.07.13 15:27:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Avira [2011.07.13 13:53:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Malwarebytes [2011.07.13 13:53:00 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.07.13 13:53:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.07.13 13:52:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.07.13 13:52:56 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.07.13 13:52:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.07.13 13:49:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2004.12.03 20:24:30 | 000,014,968 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys [2004.10.25 10:18:35 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.13 23:40:11 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.07.13 23:40:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.07.13 23:33:13 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job [2011.07.13 23:32:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.07.13 23:32:56 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys [2011.07.13 23:29:23 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Rolf\defogger_reenable [2011.07.13 22:31:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rolf\Desktop\OTL.exe [2011.07.13 22:31:22 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Rolf\Desktop\75tmzi8f.exe [2011.07.13 13:53:00 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.13 13:44:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.07.13 12:58:46 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Rolf\Desktop\Defogger.exe [2011.07.13 12:01:56 | 001,008,041 | ---- | M] () -- C:\Dokumente und Einstellungen\Rolf\Desktop\rkill.com [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.13 23:36:19 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Rolf\Desktop\75tmzi8f.exe [2011.07.13 23:29:23 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Rolf\defogger_reenable [2011.07.13 23:28:32 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Rolf\Desktop\Defogger.exe [2011.07.13 15:26:20 | 001,008,041 | ---- | C] () -- C:\Dokumente und Einstellungen\Rolf\Desktop\rkill.com [2011.07.13 13:53:00 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.12 19:58:59 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2010.12.12 19:57:41 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.10.20 17:52:30 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini [2010.10.18 23:22:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll [2010.10.18 23:22:24 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini [2010.08.04 19:27:37 | 000,743,130 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2672590792-2860701973-2324908614-1006-0.dat [2010.08.04 13:02:55 | 000,353,578 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2010.07.10 23:29:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI [2010.07.10 23:10:26 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2010.01.21 19:49:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.06.23 19:28:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2007.09.29 16:25:54 | 000,000,056 | ---- | C] () -- C:\WINDOWS\SSB.ini [2006.02.04 17:42:05 | 000,000,106 | ---- | C] () -- C:\WINDOWS\XGUSB.INI [2006.01.14 22:25:44 | 000,000,622 | ---- | C] () -- C:\WINDOWS\DMN.INI [2006.01.01 23:36:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\MSFDM.INI [2005.05.22 22:02:54 | 000,017,850 | ---- | C] () -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\wklnhst.dat [2005.01.19 03:09:11 | 000,036,939 | ---- | C] () -- C:\WINDOWS\System32\insrepim.exe [2005.01.16 20:08:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini [2005.01.10 00:53:40 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2005.01.10 00:53:39 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2005.01.10 00:51:50 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2005.01.10 00:51:49 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2005.01.10 00:51:48 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2004.12.07 12:50:36 | 000,000,251 | ---- | C] () -- C:\Programme\wt3d.ini [2004.12.03 20:24:30 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll [2004.12.03 20:24:30 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe [2004.12.03 20:24:30 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe [2004.12.03 20:24:30 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll [2004.12.03 20:24:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SmCfg.exe [2004.11.30 21:33:19 | 000,000,692 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2004.11.21 07:46:49 | 000,035,522 | ---- | C] () -- C:\WINDOWS\System32\compare.dat [2004.11.21 07:46:32 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Rolf\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2004.11.21 07:46:32 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Rolf\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2004.10.26 15:00:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.10.26 12:47:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004.10.26 12:47:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004.10.26 12:47:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004.10.26 12:47:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004.10.26 12:47:32 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004.10.26 12:47:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2004.10.26 11:36:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe [2004.10.26 11:36:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2004.10.26 11:36:42 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin [2004.10.26 11:31:07 | 000,619,810 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.10.26 11:31:07 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.10.26 11:31:07 | 000,142,932 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.10.26 11:31:07 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.10.26 11:30:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.10.26 11:30:25 | 000,584,316 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.10.26 11:30:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.10.26 11:30:25 | 000,122,974 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.10.26 11:30:25 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.10.26 11:30:23 | 000,004,643 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.10.26 11:30:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.10.26 11:30:21 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.10.26 11:30:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.10.26 11:30:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.10.26 11:30:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.10.26 11:29:59 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.10.26 10:57:58 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2004.10.26 10:47:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.10.26 10:46:45 | 000,398,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004.10.26 10:11:04 | 000,000,767 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004.10.26 09:59:48 | 000,000,816 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004.10.26 09:58:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004.10.26 09:52:55 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.10.26 09:51:40 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.10.20 11:59:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2004.10.01 09:11:20 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2004.05.03 14:19:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll [2003.11.10 16:06:08 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe [2003.08.18 16:55:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE [2003.08.18 16:55:02 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\LEXPING.EXE [2003.08.18 16:46:38 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL [2002.11.13 21:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll [2002.09.13 17:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini [2002.02.27 17:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL [2002.02.27 17:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL [2002.02.27 17:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL [2002.02.27 17:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL [2002.02.27 17:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL [2001.01.19 21:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE ========== LOP Check ========== [2004.11.30 21:44:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2010.07.10 23:28:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2010.08.04 12:32:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PreEmptive Solutions [2006.01.01 23:34:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yamaha [2011.02.19 18:43:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4} [2011.04.10 11:12:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\BabylonToolbar [2010.03.30 22:52:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\FreeArc [2004.10.26 10:25:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\InterVideo [2010.07.10 23:28:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\MAGIX [2009.07.22 11:59:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Neuratron [2011.01.22 17:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\OpenOffice.org [2010.07.10 23:30:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\ProtectDISC [2010.12.12 20:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Samsung [2005.01.07 01:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Steinberg [2005.05.22 22:02:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Template [2011.02.19 18:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\Uniblue [2006.01.01 20:14:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Rolf\Anwendungsdaten\yamaha [2011.07.13 23:33:13 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.04.15 17:08:02 | 000,000,000 | ---D | M] -- C:\530e6e7a01e85842688e4770 [2006.12.08 01:02:28 | 000,000,000 | ---D | M] -- C:\544d75b5bd06b394a2a3fb7230 [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\bsi [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\CMPNENTS [2011.05.11 19:36:25 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\DivX [2010.10.15 17:45:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\DotNet [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\FirstSteps [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\Inetpub [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\ISP [2010.12.06 23:47:24 | 000,000,000 | ---D | M] -- C:\KrisDir [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\Lexmark [2011.04.10 17:36:15 | 000,000,000 | ---D | M] -- C:\Maike [2010.08.03 17:00:17 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\MSWorks [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\MyDir [2009.02.28 13:47:15 | 000,000,000 | ---D | M] -- C:\Norman [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\NormanAV [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\Office11 [2011.01.22 16:56:15 | 000,000,000 | ---D | M] -- C:\OpenOffice.org 3.2 (de) Installation Files [2011.05.14 13:22:33 | 000,000,000 | ---D | M] -- C:\Ortrud [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\pmc [2011.07.13 13:52:56 | 000,000,000 | R--D | M] -- C:\Programme [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\PSFONTS [2010.12.06 23:47:20 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\RSA [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\samba [2010.12.06 23:47:24 | 000,000,000 | ---D | M] -- C:\SBSI [2011.06.03 11:44:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.01.08 23:42:41 | 000,000,000 | ---D | M] -- C:\temp [2010.12.06 23:47:20 | 000,000,000 | ---D | M] -- C:\VSUltimate2010DVD [2011.02.19 18:38:39 | 000,000,000 | ---D | M] -- C:\WINBEEP [2011.07.13 23:33:03 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*. > [2010.04.01 19:01:57 | 000,000,000 | ---D | M] -- C:\Programme\7-Zip [2004.11.30 21:44:55 | 000,000,000 | ---D | M] -- C:\Programme\ABBYY FineReader 5.0 Sprint [2004.11.30 21:44:37 | 000,000,000 | ---D | M] -- C:\Programme\ABBYY FineReader 6.0 [2011.03.23 23:39:37 | 000,000,000 | ---D | M] -- C:\Programme\Adobe [2008.06.06 22:59:38 | 000,000,000 | ---D | M] -- C:\Programme\Allegro 2005 Demo [2002.01.01 01:13:20 | 000,000,000 | ---D | M] -- C:\Programme\ATI Technologies [2010.02.20 00:09:29 | 000,000,000 | ---D | M] -- C:\Programme\Audacity [2009.11.15 18:28:09 | 000,000,000 | ---D | M] -- C:\Programme\Avira [2011.03.23 23:36:17 | 000,000,000 | ---D | M] -- C:\Programme\BabylonToolbar [2004.10.26 09:52:47 | 000,000,000 | ---D | M] -- C:\Programme\ComPlus Applications [2004.12.31 00:25:17 | 000,000,000 | ---D | M] -- C:\Programme\FaxTalk Communicator [2004.11.30 21:44:19 | 000,000,000 | ---D | M] -- C:\Programme\FaxTools [2010.05.11 22:36:51 | 000,000,000 | ---D | M] -- C:\Programme\Finale NotePad 2007 [2007.10.02 23:48:44 | 000,000,000 | ---D | M] -- C:\Programme\Finale PrintMusic 2007 Demo [2009.08.31 22:02:46 | 000,000,000 | ---D | M] -- C:\Programme\FMS [2010.03.30 22:52:43 | 000,000,000 | ---D | M] -- C:\Programme\FreeArc [2011.01.22 16:57:57 | 000,000,000 | ---D | M] -- C:\Programme\Gemeinsame Dateien [2004.10.26 14:40:32 | 000,000,000 | ---D | M] -- C:\Programme\GemMasterGerman [2004.10.26 14:40:29 | 000,000,000 | ---D | M] -- C:\Programme\GermanOtto [2010.01.30 17:13:22 | 000,000,000 | ---D | M] -- C:\Programme\Google [2005.01.16 20:33:49 | 000,000,000 | ---D | M] -- C:\Programme\HTML Help Workshop [2010.08.04 12:20:34 | 000,000,000 | ---D | M] -- C:\Programme\IIS [2010.12.12 19:57:24 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information [2011.04.15 22:49:39 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer [2004.10.29 10:34:07 | 000,000,000 | ---D | M] -- C:\Programme\InterVideo [2009.08.18 22:42:40 | 000,000,000 | ---D | M] -- C:\Programme\IPACS [2011.01.22 16:57:14 | 000,000,000 | ---D | M] -- C:\Programme\Java [2011.01.22 16:59:02 | 000,000,000 | ---D | M] -- C:\Programme\JRE [2009.08.09 16:44:06 | 000,000,000 | ---D | M] -- C:\Programme\Lame for Audacity [2010.10.18 23:22:45 | 000,000,000 | ---D | M] -- C:\Programme\Lexmark 1200 Series [2010.09.19 11:02:30 | 000,000,000 | ---D | M] -- C:\Programme\Lexmark X1100 Series [2010.07.10 23:28:44 | 000,000,000 | ---D | M] -- C:\Programme\MAGIX [2011.07.13 13:53:02 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware [2009.04.11 15:41:22 | 000,000,000 | ---D | M] -- C:\Programme\Messenger [2010.08.04 12:20:40 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft ASP.NET [2004.10.26 10:32:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft AutoRoute [2004.10.26 10:34:36 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Encarta [2010.08.04 12:13:59 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft F# [2004.10.26 09:56:16 | 000,000,000 | ---D | M] -- C:\Programme\microsoft frontpage [2004.10.26 10:42:13 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games [2010.08.04 12:08:36 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Help Viewer [2010.08.03 17:05:15 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office [2008.03.18 16:08:22 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Picture It! 10 [2010.08.04 12:33:08 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SDKs [2011.04.21 15:10:17 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight [2010.08.04 12:39:16 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server [2010.08.04 12:32:41 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server Compact Edition [2010.08.04 12:32:53 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Sync Framework [2010.08.04 12:32:42 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Synchronization Services [2004.10.26 10:10:08 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio [2005.01.16 20:53:29 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio .NET 2003 [2010.08.04 12:32:11 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio 10.0 [2010.08.03 22:53:40 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio 9.0 [2010.08.17 22:07:09 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works [2010.08.04 12:37:23 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET [2010.08.12 00:44:47 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker [2011.04.10 12:58:27 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox [2010.08.04 12:26:42 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild [2005.01.16 21:12:17 | 000,000,000 | ---D | M] -- C:\Programme\MSDN [2004.10.26 09:51:36 | 000,000,000 | ---D | M] -- C:\Programme\MSN [2004.10.26 09:51:45 | 000,000,000 | ---D | M] -- C:\Programme\MSN Gaming Zone [2006.12.08 01:02:26 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0 [2009.04.11 15:30:15 | 000,000,000 | ---D | M] -- C:\Programme\NetMeeting [2009.07.22 11:59:36 | 000,000,000 | ---D | M] -- C:\Programme\Neuratron PhotoScore MIDI Lite Demo [2004.10.26 09:52:33 | 000,000,000 | ---D | M] -- C:\Programme\Online Services [2004.10.26 09:54:24 | 000,000,000 | ---D | M] -- C:\Programme\Online-Dienste [2011.01.22 16:59:00 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3 [2010.12.16 22:08:38 | 000,000,000 | ---D | M] -- C:\Programme\Outlook Express [2004.10.26 13:10:33 | 000,000,000 | ---D | M] -- C:\Programme\Pinnacle [2005.12.17 22:26:32 | 000,000,000 | ---D | M] -- C:\Programme\PopTray [2004.11.21 07:46:07 | 000,000,000 | ---D | M] -- C:\Programme\Programmverknüpfungen [2010.07.10 23:30:10 | 000,000,000 | ---D | M] -- C:\Programme\ProtectDisc Driver Installer [2010.08.03 22:53:12 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies [2010.12.12 19:57:25 | 000,000,000 | ---D | M] -- C:\Programme\Samsung [2010.03.31 19:28:50 | 000,000,000 | ---D | M] -- C:\Programme\SevenZ [2006.01.01 19:59:15 | 000,000,000 | ---D | M] -- C:\Programme\Sibelius Software [2008.01.05 14:59:25 | 000,000,000 | ---D | M] -- C:\Programme\SmartScore 5.3 Songbook Edition Demo [2011.03.08 16:18:25 | 000,000,000 | ---D | M] -- C:\Programme\Sybex [2011.02.19 18:43:38 | 000,000,000 | ---D | M] -- C:\Programme\Uniblue [2004.10.26 09:59:30 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information [2007.12.27 13:21:18 | 000,000,000 | ---D | M] -- C:\Programme\WikipediaDVD [2004.10.26 09:55:57 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player [2009.04.11 15:30:09 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT [2004.10.26 09:52:13 | 000,000,000 | ---D | M] -- C:\Programme\Windows Plus [2004.10.26 09:54:28 | 000,000,000 | -H-D | M] -- C:\Programme\WindowsUpdate [2004.10.26 09:56:17 | 000,000,000 | ---D | M] -- C:\Programme\xerox [2006.01.01 19:50:42 | 000,000,000 | ---D | M] -- C:\Programme\YAMAHA Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: CTFMON.EXE > [2008.04.14 04:22:40 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=01B4E6E990B6C5EA8856D96C7FD044B2 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe [2008.04.14 04:22:40 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=01B4E6E990B6C5EA8856D96C7FD044B2 -- C:\WINDOWS\system32\ctfmon.exe [2004.08.10 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=7CE20569925DF6789C31799F0C538F29 -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe < MD5 for: EXPLORER.EXE > [2004.08.10 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\WINDOWS\Temp\RarSFX0\procs\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\WINDOWS\Temp\RarSFX0\h\explorer.exe < MD5 for: REGEDIT.EXE > [2004.08.10 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2004.08.10 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\I386\REGEDIT.EXE [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: SVCHOST.EXE > [2008.04.14 04:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008.04.14 04:23:02 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=4FBC75B74479C7A6F829E0CA19DF3366 -- C:\WINDOWS\system32\svchost.exe [2004.08.10 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=65A819B121EB6FDAB4400EA42BDFFE64 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\WINDOWS\Temp\RarSFX0\userinit.exe [2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\WINDOWS\Temp\RarSFX0\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 04:16:56 < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.07.2011 23:51:31 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Dokumente und Einstellungen\Rolf\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 438,86 Mb Available Physical Memory | 42,88% Memory free
2,41 Gb Paging File | 1,92 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 155,20 Gb Free Space | 66,64% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 1,81 Gb Total Space | 1,56 Gb Free Space | 86,07% Space Free | Partition Type: FAT
Computer Name: RSA | User Name: Rolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\ZENOREADER.EXE" = E:\ZENOREADER.EXE:*:Enabled:ZENOREADER
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{10610407-D00E-4B17-9143-961C4F317BC7}" = Visual Studio .NET Professional 2003 - German
"{1570DE88-A78A-37FD-8A05-92620D160CCA}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24201738-0888-48AE-8484-031CD1A90766}" = MSDN Library für Visual Studio .NET 2003 - Deutsch
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CAED17B-1A75-4890-A20E-5555A8C1B72D}" = YAMAHA Digital Music Notebook
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5.0
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{76409DA4-E9F8-4EB3-8FDC-51D576CD3353}" = Visual Studio.NET Baseline - German
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}" = Adobe Flash Player 9 ActiveX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe
"{8EAA9D70-C912-3708-92DD-0CCC26F386E1}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8EAC192B-1E5B-4276-A2D8-59A303ECD2DE}" = Visual J# .NET Redistributable 1.1- German Language Pack
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPROR_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A01872BE-2123-4F1B-B295-E3D1774DC0C9}" = Pinnacle InstantCD/DVD Suite
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4C88CF0-B617-4658-8F84-C4E847FBC9F7}" = Microsoft Managed DirectX (1126)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C2C95288-289B-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - German
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"1F811665-E818-4956-9173-35CD47C9DCE0" = Otto
"3D-Fahrschule 2" = 3D-Fahrschule 2
"7A1E1C4F-CC6F-4BF0-BB81-7CFC3F655564" = GemMaster Mystic
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Allegro 2005 Demo" = Allegro 2005 Demo
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FaxTalk Communicator 4.5" = FaxTalk Communicator 4.5
"Finale NotePad 2007" = Finale NotePad 2007
"Finale PrintMusic 2007 Demo" = Finale PrintMusic 2007 Demo
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FMS" = FMS
"FreeArc" = FreeArc 0.60
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark 1200 Series" = Lexmark 1200 Series
"Lexmark X1100 Series" = Lexmark X1100 Series
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Music Maker 15 D" = MAGIX Music Maker 15 15.0.1.11 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Neuratron PhotoScore MIDI Lite Demo" = Neuratron PhotoScore MIDI Lite Demo
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"Sibelius Scorch" = Sibelius Scorch
"SLAMRNTV" = NetoDragon 56K Voice Modem
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"VISPROR" = Microsoft Office Visio Professional 2007
"Visual Studio .NET Professional 2003 - German" = Microsoft Visual Studio .NET Professional 2003 - Deutsch
"Windows XP Service Pack" = Windows XP Service Pack 3
"Zoo Tycoon 1.0" = Zoo Tycoon - Dinosaur Digs
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.07.2011 07:45:47 | Computer Name = RSA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung nldibg.exe, Version 0.0.0.0, fehlgeschlagenes
Modul nldibg.exe, Version 0.0.0.0, Fehleradresse 0x000c9ad7.
Error - 13.07.2011 07:50:48 | Computer Name = RSA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 0.0.0.0, fehlgeschlagenes
Modul iexplore.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Error - 13.07.2011 07:50:48 | Computer Name = RSA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 0.0.0.0, fehlgeschlagenes
Modul iexplore.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Error - 13.07.2011 07:50:48 | Computer Name = RSA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 0.0.0.0, fehlgeschlagenes
Modul iexplore.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Error - 13.07.2011 07:51:26 | Computer Name = RSA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pev.exe, Version 0.0.0.0, fehlgeschlagenes
Modul pev.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Error - 13.07.2011 07:51:28 | Computer Name = RSA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pev.exe, Version 0.0.0.0, fehlgeschlagenes
Modul pev.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Error - 13.07.2011 09:08:33 | Computer Name = RSA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 0.0.0.0, fehlgeschlagenes
Modul iexplore.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Error - 13.07.2011 09:09:10 | Computer Name = RSA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pev.exe, Version 0.0.0.0, fehlgeschlagenes
Modul pev.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Error - 13.07.2011 09:09:14 | Computer Name = RSA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pev.exe, Version 0.0.0.0, fehlgeschlagenes
Modul pev.exe, Version 0.0.0.0, Fehleradresse 0x00081683.
Error - 13.07.2011 17:48:51 | Computer Name = RSA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.26.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 03.06.2011 06:35:29 | Computer Name = RSA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 03.06.2011 08:03:00 | Computer Name = RSA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "VSS"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Error - 03.06.2011 08:03:01 | Computer Name = RSA | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Volumeschattenkopie.
Error - 03.06.2011 08:03:01 | Computer Name = RSA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 13.07.2011 07:45:16 | Computer Name = RSA | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 13.07.2011 07:45:30 | Computer Name = RSA | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.
Error - 13.07.2011 07:46:32 | Computer Name = RSA | Source = DCOM | ID = 10010
Description = Der Server "{7F6316B4-4D69-4765-B0A3-B2598F2FA80A}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 13.07.2011 08:23:40 | Computer Name = RSA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde
Error - 13.07.2011 09:25:16 | Computer Name = RSA | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 13.07.2011 09:26:58 | Computer Name = RSA | Source = DCOM | ID = 10010
Description = Der Server "{7F6316B4-4D69-4765-B0A3-B2598F2FA80A}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
|
|
14.07.2011, 16:52
| #8 | |
| /// TB-Ausbilder | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Hallo Chleo, Kannst du Malwarebytes' Anti-Malware mittlerweile updaten? Zitat:
Schritt # 1: aswMBR.exe ausführen Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt # 2: Systemscan mit OTL
Schritt # 3: Deine Rückmeldung Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
|
|
15.07.2011, 16:56
| #9 |
| | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Hallo, Ich hab nochmal geguckt und hab gesehen, dass man bei Windows XP den Computer zu einem früheren Systempunkt wiederherstellen kann. Wenn ich das zu einem Zeitpunkt, an dem ich den Virus noch nicht hatte, machen würde, wäre dann auch der Virus weg? |
|
16.07.2011, 10:06
| #10 | ||
| /// TB-Ausbilder | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Hallo Chleo, Zitat:
Zitat:
Wenn dir eine Bereinigung zu lange dauert, dann gib mir bitte Bescheid. Es geht auch einfacher: Anleitung zum Neu aufsetzten Ich bitte um Rückmeldung. Vielen Dank. |
|
20.07.2011, 19:28
| #11 |
| /// TB-Ausbilder | "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen! |
|
| Themen zu "Windows Crashes Deliverer" meldet verschiedene Virus-Warnungen |
| ahnung, angezeigt, aufruf, entferne, entfernen, fenster, gen, installieren, installiert, kurzem, liebe, melde, meldet, namen, programm, seite, troja, trojan-downloader.win32.agent, trojan.msil.agent, trojaner, updates, verschiedene, verzeichnis, viren, virus.win32.sality, warning, welchem, windows, windows crashes deliverer |
Textbox.
Linear-Darstellung
