Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
AntiVir Meldung TR/Monder.drip, .dirr, .divi

AntiVir Meldung TR/Monder.drip, .dirr, .divi


Plagegeister aller Art und deren Bekämpfung: AntiVir Meldung TR/Monder.drip, .dirr, .divi

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 05.07.2010, 11:09   #1
McRAE
 
AntiVir Meldung TR/Monder.drip, .dirr, .divi - Standard

AntiVir Meldung TR/Monder.drip, .dirr, .divi


guten Tag,

Ich benötige bitte dringend eure hilfe da es meinen Rechner auf Arbeit betrifft wäre eine Neuinstallation sehr doof ...

Ich habe seit Samstag probleme mit dem Rechner angefangen hat es mit ständig öffnenden Internetseiten vom IE

Heute starte ich den PC und AntiVir bringt folgende Meldungungen
TR/Monder.drip
TR/Monder.dirr
TR/Monder.divi
ich habe natürlich auf Löschen geklickt aber die Meldungen kamen immer und immer wieder ...

als ich Mozilla oder auch den IE öffnen möchte schließen die Browser einfach wieder bis ich AntiVir ausgemacht habe ... damit ich mich im Internet belesen kann und dann bin ich zu diesen Forum gestoßen ...

zu den was ich bisher gemacht habe:
CCleaner:
CCleaner ausgeführt
und Registry bereinigt
eine Registrymeldung kommt allerdings immerwieder:
Ungenutzte Datei-Endungen - {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79} - HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

Malwarebytes:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4277

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

05.07.2010 10:54:59
mbam-log-2010-07-05 (10-54-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143297
Laufzeit: 5 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 8
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
C:\WINDOWS\Qcodaa.exe (Trojan.FraudPack) -> Unloaded process successfully.
D:\TEMP\Qk1.exe (Trojan.FraudPack) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewabqaf7kl (Trojan.FraudPack) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\BAUMSC~1\ANWEND~1\MACROM~1\Common\ada280241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\aux2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\BAUMSC~1\ANWEND~1\MACROM~1\Common\ada280241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\BAUMSC~1\ANWEND~1\MACROM~1\Common\ada280241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\BAUMSC~1\ANWEND~1\MACROM~1\Common\ada280241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\BAUMSC~1\ANWEND~1\MACROM~1\Common\ada280241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\mixer2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\BAUMSC~1\ANWEND~1\MACROM~1\Common\ada280241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave1 (Hijack.Sound) -> Bad: (C:\DOKUME~1\BAUMSC~1\ANWEND~1\MACROM~1\Common\ada280241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\wave2 (Hijack.Sound) -> Bad: (C:\DOKUME~1\BAUMSC~1\ANWEND~1\MACROM~1\Common\ada280241.dll) Good: (wdmaud.drv) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\Qcodaa.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.
D:\TEMP\Qk1.exe (Trojan.FraudPack) -> Delete on reboot.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Common\ada280241.dll (Hijack.Sound) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\rasqervy.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sdfinacs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\sdfixwcs.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
danach Neustart

nach dem Neustart kam keine AntiVir Meldung mehr

OTL
gesscant
Code:
ATTFilter
OTL logfile created on: 05.07.2010 11:23:24 - Run 1
OTL by OldTimer - Version 3.2.7.1     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,36 Gb Total Space | 45,76 Gb Free Space | 64,12% Space Free | Partition Type: NTFS
Drive D: | 71,82 Gb Total Space | 70,08 Gb Free Space | 97,58% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ACER-418692E726
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - D:\Programme\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\KMSTMNW.EXE (KYOCERA MITA Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\KMSTMVM.EXE (KYOCERA MITA Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
PRC - C:\WINDOWS\system32\Crypserv.exe (Kenonic Controls Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\spoolss.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\KMPJLMN.DLL (KYOCERA MITA Corporation)
MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AAV UpdateService) -- D:\Programme\AAVUpdateManager\aavus.exe ()
SRV - (SerialKeys) -- C:\WINDOWS\system32\skeys.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (AWService) -- C:\Acer\LANScope Agent\awServ.exe (OSA Technologies Inc., An Avocent Company)
SRV - (LightScribeService) -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (Kenonic Controls Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (psdvdisk) -- C:\WINDOWS\System32\Drivers\psdvdisk.sys File not found
DRV - (psdfilter) -- C:\WINDOWS\System32\Drivers\psdfilter.sys File not found
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (fxusbase) -- C:\WINDOWS\system32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (UDXTTM6000) -- C:\WINDOWS\system32\drivers\UDXTTM6000.sys ()
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (netlock) -- C:\WINDOWS\system32\drivers\NetLock.sys (OSA Technologies, An Avocent Company)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) Server 2003 DDK provider)
DRV - (netlimiter) -- C:\WINDOWS\system32\drivers\NetLimiter.sys ()
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (UDXTTM6000HID) -- C:\WINDOWS\system32\drivers\UDXTTM6000HID.sys (DTV-DVB)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toner-dumping.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaultthis.engineName: "OnkelzRockRadio Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tonerdumping.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {76661027-4c09-46f2-9769-df8bab905c03}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.28 15:49:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.02 09:01:50 | 000,000,000 | ---D | M]
 
[2008.08.11 15:34:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.07.02 09:05:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\c30n23mb.default\extensions
[2009.09.02 09:31:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\c30n23mb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.03 18:55:41 | 000,000,000 | ---D | M] (OnkelzRockRadio Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\c30n23mb.default\extensions\{76661027-4c09-46f2-9769-df8bab905c03}
[2010.01.11 17:21:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\c30n23mb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.07.10 14:14:05 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\c30n23mb.default\searchplugins\ask.xml
[2010.01.20 14:23:52 | 000,000,931 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\c30n23mb.default\searchplugins\conduit.xml
[2010.07.02 15:24:56 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\c30n23mb.default\searchplugins\icqplugin.xml
[2010.07.02 09:05:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 09:01:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.02 09:00:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.26 10:14:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.26 10:14:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.26 10:14:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.26 10:14:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.26 10:14:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.07.10 15:19:30 | 000,317,135 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 10878 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdminWorks Tray] C:\Acer\LANScope Agent\awtray.exe (OSA Technologies Inc., An Avocent Company)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PPoker\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PPoker\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} hxxp://icq.oberon-media.com//online/online2/diner_dash_flo_on_the_go/ddfotg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Bilder\Microsoft Clip Organizer\CG2AA.png
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.10.13 06:19:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{dd0aca5c-5f2d-11df-a147-001c252e78f3}\Shell\AutoRun\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{dd0aca5c-5f2d-11df-a147-001c252e78f3}\Shell\menu1\command - "" = F:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{dfbf3e11-12de-11de-9fc6-001c252e78f3}\Shell\Auto\command - "" = RavMon.exe e
O33 - MountPoints2\{dfbf3e11-12de-11de-9fc6-001c252e78f3}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.05 11:04:17 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.07.05 10:36:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.07.05 10:36:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.05 10:36:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.05 10:35:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.05 10:35:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.05 09:00:53 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.07.02 17:26:59 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.07.02 09:01:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.07.02 09:01:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.07.02 09:01:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.07.02 09:01:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.06.29 12:55:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Angebot Nicole
[2010.06.28 13:01:51 | 000,000,000 | ---D | C] -- C:\Programme\Kyocera
[2010.06.17 18:29:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.17 14:13:12 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.06.17 14:13:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2010.06.17 14:12:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\AOL
[2010.06.17 14:12:20 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.05 11:24:52 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\~$u Microsoft Office Word-Dokument.docx
[2010.07.05 11:23:13 | 000,705,731 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Rechnung TKB Version PDF.xlsm
[2010.07.05 11:21:54 | 000,000,053 | ---- | M] () -- C:\WINDOWS\KMSTMVM.ini
[2010.07.05 11:21:21 | 001,231,872 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesamtliste.xls
[2010.07.05 11:12:50 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.07.05 11:12:09 | 000,000,516 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.07.05 11:12:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.05 11:11:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.05 11:11:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.05 11:11:31 | 2674,184,192 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.05 11:10:33 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010.07.05 11:08:36 | 010,223,616 | ---- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat
[2010.07.05 11:08:36 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.07.05 11:04:21 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.07.05 11:02:57 | 000,013,184 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Neu Microsoft Office Word-Dokument.docx
[2010.07.05 10:36:03 | 000,000,680 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.05 09:28:17 | 003,726,348 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Cofi.exe.exe
[2010.07.05 09:01:40 | 000,118,957 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\cc_20100705_0901.reg
[2010.07.05 08:57:04 | 000,000,165 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\~$Rechnung TKB Version PDF.xlsm
[2010.07.03 14:03:27 | 000,176,128 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Monatsabrechung Baumi  Juli 2010.xls
[2010.07.02 09:00:41 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.07.02 09:00:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.07.02 09:00:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.07.02 09:00:41 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.07.02 09:00:40 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.06.30 16:41:43 | 000,079,360 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.23 18:35:15 | 001,188,074 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 18:35:15 | 000,521,930 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.23 18:35:15 | 000,492,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 18:35:15 | 000,110,734 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.23 18:35:15 | 000,091,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.23 18:01:42 | 000,024,685 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Arbeitsplan.xlsx
[2010.06.18 09:03:50 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.06.12 09:15:19 | 000,350,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.11 15:56:10 | 000,261,852 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\WM Spielplan.pdf
[2010.06.10 16:48:04 | 000,978,817 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\etikettenneu22.5.2010.odt
[2010.06.07 09:39:21 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.05 11:24:52 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\~$u Microsoft Office Word-Dokument.docx
[2010.07.05 11:02:34 | 000,013,184 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Neu Microsoft Office Word-Dokument.docx
[2010.07.05 10:36:03 | 000,000,680 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.05 09:28:03 | 003,726,348 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Cofi.exe.exe
[2010.07.05 09:01:21 | 000,118,957 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\cc_20100705_0901.reg
[2010.07.05 08:57:04 | 000,000,165 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\~$Rechnung TKB Version PDF.xlsm
[2010.06.28 13:17:04 | 000,000,053 | ---- | C] () -- C:\WINDOWS\KMSTMVM.ini
[2010.06.16 13:40:35 | 001,231,872 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Gesamtliste.xls
[2010.06.11 15:56:10 | 000,261,852 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\WM Spielplan.pdf
[2010.06.10 16:47:43 | 000,978,817 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\etikettenneu22.5.2010.odt
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.02.16 15:30:12 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.11.20 14:58:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.11.20 14:55:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDESX100DEFGIPS.ini
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.05.02 09:07:46 | 000,320,384 | R--- | C] () -- C:\WINDOWS\System32\drivers\UDXTTM6000.sys
[2008.12.30 16:15:12 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008.12.18 15:38:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.24 11:03:33 | 000,000,059 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008.11.24 11:03:30 | 000,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008.11.24 11:03:30 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008.11.15 11:03:07 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.08.08 11:53:53 | 000,000,196 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008.07.23 18:50:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.07.23 18:47:34 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.07.20 17:49:58 | 000,000,046 | ---- | C] () -- C:\WINDOWS\commercial.ini
[2007.10.13 07:13:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.10.13 06:54:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2007.10.13 06:53:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2007.10.13 06:53:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2007.10.13 06:53:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2007.06.21 20:57:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4847.dll
[2006.10.03 11:03:14 | 000,018,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\NetLimiter.sys
[2006.08.28 05:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2006.05.17 22:28:14 | 000,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2005.10.26 07:25:28 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.01.06 06:08:38 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004.08.04 06:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.12.21 13:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2006.01.02 10:27:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avocent AdminWorks
[2009.11.20 18:03:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.05.18 10:51:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSobi
[2010.06.17 14:13:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.04.04 10:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2002.02.02 02:15:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Toner dumping Kompass
[2009.09.08 10:48:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2006.01.02 10:27:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009.09.08 10:49:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.03.05 10:38:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2006.01.02 10:27:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avocent AdminWorks
[2008.12.30 16:19:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\concept design
[2008.12.01 11:15:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\eSobi
[2010.07.03 09:44:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2008.10.10 15:24:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LG Electronics
[2008.08.22 12:57:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2009.01.26 14:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2009.09.08 10:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2010.07.02 15:44:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\UseNeXT
[2010.07.05 11:12:09 | 000,000,516 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2010.07.05 11:12:50 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:96D5714D3F066C18
< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 05.07.2010 11:23:24 - Run 1
OTL by OldTimer - Version 3.2.7.1     Folder = C:\Dokumente und Einstellungen\Baumschulenstraße\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 71,36 Gb Total Space | 45,76 Gb Free Space | 64,12% Space Free | Partition Type: NTFS
Drive D: | 71,82 Gb Total Space | 70,08 Gb Free Space | 97,58% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ACER-418692E726
Current User Name: Baumschulenstraße
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9999:UDP" = 9999:UDP:*:Enabled:LANScope UDP Port
"2804:TCP" = 2804:TCP:*:Enabled:LANScope TCP Port
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\onlineTV 4\onlineTV.exe" = D:\onlineTV 4\onlineTV.exe:*:Enabled:onlineTV -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"D:\Xfire\xfire.exe" = D:\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"F:\DVAG Online-System\jre\jre-1.6.0.14\bin\javaw.exe" = F:\DVAG Online-System\jre\jre-1.6.0.14\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- File not found
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{163D5967-BA25-4D4F-9EC6-8410888C117F}" = Acer LANScope Agent
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}" = commercial
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9BB218C-2D4B-4FF4-97E2-2C7E3D1B2679}" = Acer eProtection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F860F390-78F4-4B45-8C1A-0489618E315B}" = Sygate Personal Firewall
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner (remove only)
"DivX Setup.divx.com" = DivX-Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"ie7" = Windows Internet Explorer 7
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{163D5967-BA25-4D4F-9EC6-8410888C117F}" = Acer LANScope Agent
"Kyocera FS-1100 / FS-1300D Printer Library" = Kyocera FS-1100 / FS-1300D Printer Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSNINST" = MSN
"PKR" = PKR
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel(R) PRO Network Connections Drivers
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.07.2010 06:44:43 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 03.07.2010 06:45:14 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
 faulting module emailscanner.dll, version 1.0.0.1, stamp 4bcdaaa7, debug? 0, fault
 address 0x0003fb95.
 
Error - 03.07.2010 06:45:16 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 03.07.2010 06:45:32 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
 faulting module emailscanner.dll, version 1.0.0.1, stamp 4bcdaaa7, debug? 0, fault
 address 0x0003fb95.
 
Error - 03.07.2010 06:45:36 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 5000
Description = EventType offdiag12, P1 a6f7df9f-308e-4600-957b-867f2a5b714b88aae00c-6db6-4a20-800d-fb80586e578c,
 P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 03.07.2010 06:45:36 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 03.07.2010 06:47:15 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
 faulting module emailscanner.dll, version 1.0.0.1, stamp 4bcdaaa7, debug? 0, fault
 address 0x0003fb95.
 
Error - 03.07.2010 06:47:17 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
Error - 03.07.2010 06:47:42 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
 faulting module emailscanner.dll, version 1.0.0.1, stamp 4bcdaaa7, debug? 0, fault
 address 0x0003fb95.
 
Error - 03.07.2010 06:47:44 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
 
[ OSession Events ]
Error - 03.07.2010 06:33:56 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.07.2010 06:34:05 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.07.2010 06:34:14 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.07.2010 06:34:26 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.07.2010 06:35:54 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.07.2010 06:44:40 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.07.2010 06:45:13 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.07.2010 06:45:31 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.07.2010 06:47:14 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.07.2010 06:47:41 | Computer Name = ACER-418692E726 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 26.06.2010 03:34:36 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service
 Pack 3 (KB955706)
 
Error - 28.06.2010 02:43:20 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service
 Pack 3 (KB955706)
 
Error - 28.06.2010 12:28:20 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service
 Pack 3 (KB955706)
 
Error - 29.06.2010 12:44:16 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service
 Pack 3 (KB955706)
 
Error - 30.06.2010 12:30:12 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service
 Pack 3 (KB955706)
 
Error - 01.07.2010 12:42:54 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service
 Pack 3 (KB955706)
 
Error - 02.07.2010 12:30:05 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service
 Pack 3 (KB955706)
 
Error - 05.07.2010 02:51:48 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service
 Pack 3 (KB955706)
 
Error - 05.07.2010 05:09:42 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
 "Automatische Updates" hergestellt werden, daher können Updates nicht nach dem 
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
 eine Verbindung herzustellen.
 
Error - 05.07.2010 05:10:33 | Computer Name = ACER-418692E726 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Microsoft SQL Server 2005 Express Edition Service
 Pack 3 (KB955706)
 
[ TuneUp Events ]
Error - 05.07.2010 04:05:26 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
 Started, '2010-07-05 10:05:26', 0, Resumed FROM ActiveApps WHERE ProcID=='4012';DELETE
 FROM ActiveApps WHERE ProcID=='4012';
 
Error - 05.07.2010 04:10:36 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 
10:10:36', '\device\harddiskvolume3\temp\qk1.exe','836',0)
 
Error - 05.07.2010 04:10:36 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
 Started, '2010-07-05 10:10:36', 0, Resumed FROM ActiveApps WHERE ProcID=='1964';DELETE
 FROM ActiveApps WHERE ProcID=='1964';
 
Error - 05.07.2010 04:11:21 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 
10:11:21', '\device\harddiskvolume2\programme\avira\antivir desktop\avwsc.exe','3724',0)
 
Error - 05.07.2010 04:11:26 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
 Started, '2010-07-05 10:11:26', 0, Resumed FROM ActiveApps WHERE ProcID=='3724';DELETE
 FROM ActiveApps WHERE ProcID=='3724';
 
Error - 05.07.2010 04:15:26 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 
10:15:26', '\device\harddiskvolume2\programme\ccleaner\ccleaner.exe','3680',0)
 
Error - 05.07.2010 04:17:56 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 
10:17:56', '\device\harddiskvolume2\windows\regedit.exe','236',0)
 
Error - 05.07.2010 04:18:01 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
 Started, '2010-07-05 10:18:01', 0, Resumed FROM ActiveApps WHERE ProcID=='236';DELETE
 FROM ActiveApps WHERE ProcID=='236';
 
Error - 05.07.2010 04:22:56 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 
10:22:56', '\device\harddiskvolume2\windows\system32\spool\drivers\w32x86\3\kmstmvm.exe','948',0)
 
Error - 05.07.2010 04:22:56 | Computer Name = ACER-418692E726 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 
10:22:56', '\device\harddiskvolume2\windows\system32\spool\drivers\w32x86\3\kmstmnw.exe','700',0)
 
 < End of report >
ich hoffe ihr könnt helfen danke schonmal
Geändert von McRAE (05.07.2010 um 11:21 Uhr)

 

Themen zu AntiVir Meldung TR/Monder.drip, .dirr, .divi
0 bytes, 0x00000001, acroiehelper.dll, ad-aware, adblock, adobe, alternate, antivir, appdatalow, avgntflt.sys, avira, browser, components, crypted, dringend, eigene bilder, einstellungen, email, encrypted, error, excel.exe, file is encrypted, firefox, firefox.exe, flash player, format, jusched.exe, location, logfile, malwarebytes' anti-malware, microsoft office 2003, mozilla, mssql, nicht möglich, object, office 2007, oldtimer, otl logfile, otl.exe, plug-in, ravmon.exe, realtek, registry, rundll, safer networking, saver, sched.exe, searchplugins, security, security update, server, shell32.dll, software, sptd.sys, symantec, system, temp, vlc media player, windows internet, windows internet explorer, {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}


« Suchmaschinen gehen nicht mehr | Internet Explorer öffnet sich selbst + Werbung »


Ähnliche Themen: AntiVir Meldung TR/Monder.drip, .dirr, .divi


  1. Antivir Boo/Dss.0 Meldung
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (2)
  2. TR/ATRAPS.Gen Meldung in Antivir
    Plagegeister aller Art und deren Bekämpfung - 04.05.2012 (13)
  3. AntiVir TR/Dropper.gen Meldung
    Plagegeister aller Art und deren Bekämpfung - 13.03.2011 (9)
  4. Onlinebanking Problem und Antivir Meldung
    Plagegeister aller Art und deren Bekämpfung - 20.10.2010 (9)
  5. JAVA/Agent.M.1 - Antivir Meldung
    Log-Analyse und Auswertung - 24.08.2010 (1)
  6. Antivir-Meldung: TR/PSW.Papras.AB
    Plagegeister aller Art und deren Bekämpfung - 21.08.2010 (26)
  7. Meldung von Antivir TRIDropAgen655824
    Plagegeister aller Art und deren Bekämpfung - 15.01.2010 (7)
  8. Trojaner Meldung bei AntiVir
    Log-Analyse und Auswertung - 27.12.2009 (41)
  9. AntiVir Guard - Nervige Meldung
    Antiviren-, Firewall- und andere Schutzprogramme - 13.02.2009 (15)
  10. AntiVir: Trojaner - Meldung
    Plagegeister aller Art und deren Bekämpfung - 18.10.2008 (2)
  11. AntiVir meldet: TR\Monder.set
    Plagegeister aller Art und deren Bekämpfung - 16.10.2008 (11)
  12. TR/Monder. bqt oder TR/Monder.142848
    Plagegeister aller Art und deren Bekämpfung - 13.08.2008 (1)
  13. TR/Dldr.CN.1 Antivir Meldung
    Plagegeister aller Art und deren Bekämpfung - 04.07.2008 (2)
  14. antivir notifyer meldung
    Antiviren-, Firewall- und andere Schutzprogramme - 17.09.2007 (4)
  15. Meldung von Dropper DR/180Solutions by AntiVir
    Log-Analyse und Auswertung - 02.03.2005 (7)
  16. Trojaner Dyfuca! Meldung von Antivir
    Log-Analyse und Auswertung - 15.02.2005 (6)
  17. DR 180 Solutions Meldung bei Antivir
    Log-Analyse und Auswertung - 24.01.2005 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema AntiVir Meldung TR/Monder.drip, .dirr, .divi - guten Tag, Ich benötige bitte dringend eure hilfe da es meinen Rechner auf Arbeit betrifft wäre eine Neuinstallation sehr doof ... Ich habe seit Samstag probleme mit dem Rechner angefangen - AntiVir Meldung TR/Monder.drip, .dirr, .divi...
Archiv
Du betrachtest: AntiVir Meldung TR/Monder.drip, .dirr, .divi auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131