Bundespolizei-Trojaner, Task Manager schließt, 0_0u_l.exe
Guten Abend!
Leider bin auch ich dem Bundespolizei-Trojaner auf dem Leim gegangen und hoffe in diesem Forum auf individuelle Hilfe. Natürlich habe ich mich durch diverse Threads diesbezüglich gelesen, jedoch wird gewarnt vor "Nachahmung". Deshalb erstelle ich noch einen Thread mit diesem, wohl schon leidigen, Thema.
Win7 64bit Laptop von ASUS.
Die Anleitung habe ich durchgearbeitet. Meine Schritte sahen wie folgt aus: Internetverbindung sofort gekappt, 0_0u_l.exe auch tatsächlich im Temp Ordner gefunden. Neuen Benutzer angelegt und von dort aus Anti-Malware durchlaufen lassen. Prompt gab es zwei Warnungen, die ich mit Anti-Malware gelöscht habe, nach einem Reboot.
Die Anti-Malware Logdatei (mir ist bewusst, dass die Datenbank nicht aktuell ist, aber sobald ich das LAN Kabel anschließe und updaten will, bricht der Prozess ab. Deshalb auch erstmal mit alter Datenbank probiert): Code:
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.05.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Anti :: LUKAS-PC [administrator]
Protection: Enabled
05.07.2012 18:35:15
mbam-log-2012-07-05 (18-35-15).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446994
Time elapsed: 51 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Users\Lukas\AppData\Local\Temp\0_0u_l.exe (Trojan.Agent) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Lukas\AppData\Local\Temp\0_0u_l.exe (Trojan.Agent) -> Delete on reboot.
(end)
Danach OTL ausgeführt und beide Logs folgen: Code:
OTL logfile created on: 7/5/2012 7:51:24 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Anti\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5.91 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.19% Memory free
11.83 Gb Paging File | 10.40 Gb Available in Paging File | 87.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 30.76 Gb Free Space | 26.41% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 303.07 Gb Free Space | 92.45% Space Free | Partition Type: NTFS
Computer Name: LUKAS-PC | User Name: Anti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/04 23:44:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Anti\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/09 19:51:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/20 16:53:47 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2011/03/04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/19 03:07:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/10/07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/09/24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/08/17 14:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/04/27 17:06:02 | 000,138,072 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe
PRC - [2010/04/27 16:57:32 | 000,247,152 | ---- | M] () -- C:\Program Files (x86)\Join Air\AssistantServices.exe
PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/31 20:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
========== Modules (No Company Name) ==========
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/09/24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010/04/27 17:06:02 | 000,138,072 | ---- | M] () -- C:\Program Files (x86)\Join Air\UIExec.exe
MOD - [2009/11/03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/11/30 23:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/04/17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/06/24 17:58:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 17:20:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/09 19:51:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/20 16:53:47 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/02/19 03:07:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/04/27 16:57:32 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/04/19 20:41:36 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/08 10:54:56 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/07/04 17:20:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/04 17:20:50 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/05/20 22:04:32 | 000,017,496 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr03.sys -- (chdrvr03)
DRV:64bit: - [2011/05/20 22:04:30 | 000,013,016 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr02.sys -- (chdrvr02)
DRV:64bit: - [2011/05/20 22:04:28 | 000,251,224 | ---- | M] (CH Products) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\chdrvr01.sys -- (chdrvr01)
DRV:64bit: - [2011/04/12 13:01:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/19 03:07:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/12/13 15:12:39 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/14 18:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/21 19:59:37 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/14 04:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/07 11:19:37 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/08/03 12:43:13 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/06/23 03:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/03/02 10:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/01/05 11:31:34 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/01/05 11:31:34 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/01/05 11:31:34 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/01/05 11:31:34 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009/07/21 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/07/26 13:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/01 11:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 12\spmplugin3 [2012/03/06 18:33:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/24 17:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/24 10:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/27 10:50:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2012/03/21 13:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/24 17:58:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 12:44:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/24 17:58:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/24 17:58:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/24 17:58:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/24 17:58:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/24 17:58:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/24 17:58:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 12\SPMIEToolbar.dll (Steganos Software GmbH)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe File not found
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Password Manager 12\SPMIEToolbar.dll (Steganos Software GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28D2AA82-5126-483A-837D-ACE31E1715F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE5579CC-F5A7-4729-B4D9-E5148A8C8DEC}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/05 19:36:14 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\Power2Go
[2012/07/05 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Roaming\Malwarebytes
[2012/07/05 18:26:16 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Anti\Desktop\malwarebytes_antimalware_1.61.exe
[2012/07/05 18:26:09 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Anti\Desktop\OTL.exe
[2012/07/05 18:25:20 | 000,000,000 | R--D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/05 18:25:20 | 000,000,000 | R--D | C] -- C:\Users\Anti\Searches
[2012/07/05 18:25:20 | 000,000,000 | R--D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/07/05 18:25:12 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Roaming\Identities
[2012/07/05 18:25:10 | 000,000,000 | R--D | C] -- C:\Users\Anti\Contacts
[2012/07/05 18:25:08 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\VirtualStore
[2012/07/05 18:25:02 | 000,000,000 | --SD | C] -- C:\Users\Anti\AppData\Roaming\Microsoft
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Videos
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Saved Games
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Pictures
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Music
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Links
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Favorites
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Downloads
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Documents
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\Desktop
[2012/07/05 18:25:02 | 000,000,000 | R--D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Vorlagen
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\AppData\Local\Verlauf
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\AppData\Local\Temporary Internet Files
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Startmenü
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\SendTo
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Recent
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Netzwerkumgebung
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Lokale Einstellungen
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Documents\Eigene Videos
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Documents\Eigene Musik
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Eigene Dateien
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Documents\Eigene Bilder
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Druckumgebung
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Cookies
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\AppData\Local\Anwendungsdaten
[2012/07/05 18:25:02 | 000,000,000 | -HSD | C] -- C:\Users\Anti\Anwendungsdaten
[2012/07/05 18:25:02 | 000,000,000 | -H-D | C] -- C:\Users\Anti\AppData
[2012/07/05 18:25:02 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\Temp
[2012/07/05 18:25:02 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Local\Microsoft
[2012/07/05 18:25:02 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Roaming\Media Center Programs
[2012/07/05 18:25:02 | 000,000,000 | ---D | C] -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2012/07/05 00:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KillProcess
[2012/07/04 23:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/04 23:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/04 23:00:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/04 23:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012/07/04 21:51:53 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2012/07/04 21:49:52 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2012/07/04 21:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2012/07/04 21:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2012/07/04 20:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/07/04 20:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
========== Files - Modified Within 30 Days ==========
[2012/07/05 19:43:13 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 19:43:13 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 19:35:52 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012/07/05 19:35:50 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/07/05 19:35:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/05 19:35:37 | 467,546,111 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 18:34:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012/07/05 00:29:03 | 000,002,118 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/07/05 00:28:50 | 000,001,264 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/07/04 23:44:30 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Anti\Desktop\OTL.exe
[2012/07/04 22:52:54 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Anti\Desktop\malwarebytes_antimalware_1.61.exe
[2012/07/04 21:50:12 | 000,000,028 | ---- | M] () -- C:\Windows\Lic.xxx
[2012/07/04 21:49:51 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2012/07/04 20:43:48 | 001,644,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/04 20:43:48 | 000,708,494 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/07/04 20:43:48 | 000,663,772 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/04 20:43:48 | 000,152,098 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/07/04 20:43:48 | 000,125,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/04 19:58:24 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012/07/04 19:58:06 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2012/06/15 09:52:39 | 000,295,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/07/05 18:25:26 | 000,001,411 | ---- | C] () -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/07/05 18:25:21 | 000,001,405 | ---- | C] () -- C:\Users\Anti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/04 21:50:12 | 000,000,028 | ---- | C] () -- C:\Windows\Lic.xxx
[2012/07/04 19:51:19 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2011/08/04 21:44:40 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\~bwcrc32.dll
[2011/07/12 19:15:57 | 001,621,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/01 14:47:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/20 21:25:40 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/04/20 17:23:49 | 000,000,748 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/03/02 15:28:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/03/02 14:52:41 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011/03/02 13:47:19 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/03/02 13:45:50 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2010/11/28 15:21:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
========== LOP Check ==========
[2012/03/08 10:42:46 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 7/5/2012 7:51:24 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Anti\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5.91 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.19% Memory free
11.83 Gb Paging File | 10.40 Gb Available in Paging File | 87.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 30.76 Gb Free Space | 26.41% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 303.07 Gb Free Space | 92.45% Space Free | Partition Type: NTFS
Computer Name: LUKAS-PC | User Name: Anti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16F625EA-0981-495F-94E6-7D82700C886E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{23731520-740C-4376-B767-B1D4C883A406}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E6827E4-592C-4953-82B2-369939055383}" = rport=137 | protocol=17 | dir=out | app=system |
"{3316A4EF-B4F0-44F2-9977-5BA67089E3D4}" = lport=138 | protocol=17 | dir=in | app=system |
"{3433B914-EDC0-455C-B46E-182965431F6E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3A291D19-B7EC-4B61-AF3A-474D40883297}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E4B8FC7-DF1C-4350-BA85-3DC5138757F1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3FD05CBC-E028-43E9-B5E9-DF360BDCA290}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51596747-A0B0-4CE6-A8CF-E36F771194DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56E078B1-AC9F-45C4-945A-4D63A96FE49A}" = lport=139 | protocol=6 | dir=in | app=system |
"{6906B3EF-7B05-4126-9CB8-273D7BF0C03B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{75894118-4D58-4E5C-BACC-B18BF0E14FF5}" = rport=445 | protocol=6 | dir=out | app=system |
"{79AE04E8-A7DF-43C7-9094-29207CB92947}" = lport=445 | protocol=6 | dir=in | app=system |
"{821A27DD-94E5-4B90-ADDC-2A918BAE5DB6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A4D89600-0F65-4627-8D4A-2F471A249A19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4F00A87-1281-4940-985A-207ADD382B5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2A6EFFE-218F-484B-8907-1C5205992DEA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B39DD0F5-D8F0-40E9-8A70-A58B8BE8DA48}" = rport=138 | protocol=17 | dir=out | app=system |
"{C0284FAB-400C-494D-A65F-BEE8A8D8E14B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C79F7173-F40D-4883-8252-506D707FE1CE}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{CBE5BCB3-E310-44FC-93E5-8192A72C74CA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D0C39F83-B55E-4E9C-985E-78F305F83562}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9596E72-26FE-4A0C-8A6E-BF3A5E5718D3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E5C1FAD0-6BDA-4882-851D-AD9B04F4972C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0D7DBC4-521B-48D6-8CC5-09DC44C62511}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB695C18-7348-4C0E-9190-459549A23A7A}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088132A0-6A05-4D68-A4AC-9AB89FE7262C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{11044CAF-DE6C-4DD5-8A02-E56C077B1E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3E63C8D4-B4EB-4F64-93E3-11022841F5BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41565768-6792-4CE7-86D8-EEB7B521028E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{41705802-E8DD-4F17-9CCD-3D3652F8FA3E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{49283D01-5F98-4785-81E5-279EC520F86A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{4A4D1501-9421-43AB-B1F4-068B8A54CCAF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{514F7D17-E034-484A-A848-8E20E2985DF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{54D80437-AB56-40A5-A70C-5BE950E2D826}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62002EB9-EAD8-4CCB-B346-BA67B11833C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{729486FF-6AEB-4041-AEE3-91D571254F74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D91DF39-4E6F-40BD-89B9-F381B6E49769}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{89437D59-398E-4980-9B0A-91D69A2062B2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AF8689D-2BB0-4D19-BF99-FE14DB0DF69C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B993DDA-F68A-463E-8778-35DE2D3969DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D2E56DF-4014-400E-96A1-702E248F6DB1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A3AA7D61-4400-4AD6-8313-B1D057D9596D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C282FB32-3F86-4B7E-9D59-B93D45D69B00}" = protocol=6 | dir=out | app=system |
"{C8CA90B5-06D8-4659-9C98-D880D13EBD7D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CEC539BF-0834-4260-93CB-1FA0C36051CF}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{E86CE745-7F89-45B4-B771-2EC64629AD16}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EB7313BF-63D9-4BFA-B12D-5658E19E41BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB0FD6F1-08BD-4A2B-8489-21546DCF91A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD6EA4F7-1A70-402C-B73E-92D37E421893}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{026118E9-6166-4C93-B44A-496146A2A1B8}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe |
"TCP Query User{23BB865F-A944-4751-ADD8-09951DD715ED}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"TCP Query User{93F166D4-DDFB-4FA7-8AEF-C74E750D6CCD}D:\aoe2+exp [portable]\age2_x1.exe" = protocol=6 | dir=in | app=d:\aoe2+exp [portable]\age2_x1.exe |
"TCP Query User{96A2EE4F-27C1-4E59-AC9F-17DB8355E1F8}D:\aoe2+exp [portable]\age2_x1.exe" = protocol=6 | dir=in | app=d:\aoe2+exp [portable]\age2_x1.exe |
"TCP Query User{B5E173F5-9911-4F8F-8321-2D1D19F39150}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{E6001D5B-7525-48A7-A57E-F804E73BEF8C}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{2B60C3A9-B4FB-4BA3-8D83-92E1E0C6F78E}C:\program files (x86)\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ws_ftp\ws_ftp95.exe |
"UDP Query User{58D1861B-4DAA-4A75-AD75-AE9525AE1268}D:\aoe2+exp [portable]\age2_x1.exe" = protocol=17 | dir=in | app=d:\aoe2+exp [portable]\age2_x1.exe |
"UDP Query User{699E1736-8509-4F05-9DA4-FA83EF104ECA}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe |
"UDP Query User{956E7C96-69BC-4E5A-9936-D025BB1EE6B1}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |
"UDP Query User{C32ADDBF-8716-4D10-8F21-60CDECB5CE26}D:\aoe2+exp [portable]\age2_x1.exe" = protocol=17 | dir=in | app=d:\aoe2+exp [portable]\age2_x1.exe |
"UDP Query User{CBC0D6D0-0658-42A9-A8AE-9FC9217ABFA1}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"DesktopIconAmazon" = Desktop Icon für Amazon
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B663B1E-5188-4CE6-978D-83636D3A8932}" = mccPILOTLOG
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B812ECDF-79CF-4066-9883-46066160FB58}" = Access 2003 Runtime Installation
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C009A918-0C06-45B3-AEF6-B1057307A643}" = Steganos Password Manager 12
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CHControlManager_is1" = CH Control Manager Software
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"Free YouTube Download_is1" = Free YouTube Download version 3.1.26.504
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"KillProcess" = KillProcess 2.44
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"Security Task Manager" = Security Task Manager 1.8d
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"TrueCrypt" = TrueCrypt
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/24/2012 2:23:35 PM | Computer Name = Lukas-PC | Source = Application Hang | ID = 1002
Description = Programm Photoshop.exe, Version 7.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b00 Startzeit:
01cd39da45cc57ae Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Adobe\Photoshop
7.0\Photoshop.exe Berichts-ID: 91514387-a5cd-11e1-83db-bcaec55fdaa6
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:35 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:36 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:36 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:36 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 5/30/2012 6:39:36 AM | Computer Name = Lukas-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
[ System Events ]
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = DCOM | ID = 10005
Description =
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = DCOM | ID = 10005
Description =
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 7/4/2012 1:53:24 PM | Computer Name = Lukas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Wie soll ich weiter vorgehen. Im Temp Ordner ist nach besagtem Reboot keine 0_0u_l.exe mehr aufgetaucht. Im OTL Log findet sich aber ganz unten eine Datei, die verdächtig ähnlich klingt: C:\ProgramData\l_u0_0.pad
Ich hoffe hiermit alle nötigen Schritte getan zu haben, um den Virenkampf zu eröffnen - mit eurer Hilfe!
Grüße
Lukas |
