Pests of all kinds and how to fight them: Warning! Your PC is locked... Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
16.12.2011, 15:24 | #1 |
Warning! Your PC is locked...

Hello, first of all:
1. When it comes to PCs, I can't do much apart from gaming and Word.
2. I hope I have posted this in the right place!
3. That someone can really help me.

Like many others here, I have the problem that when I start my laptop, this appears: "WARNING! Your PC is infected, the PC is now locked, blah blah blah, unless you pay 50€, then the world is OK again!" I hope you know what I mean.

What I have done so far is download OTL and run a scan according to the listed criteria. This is what came out:

OTL Extras logfile created on: 16.12.2011 15:10:29 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,36% Memory free
6,18 Gb Paging File | 4,97 Gb Available in Paging File | 80,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 70,71 Gb Free Space | 49,09% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 95,04 Gb Free Space | 31,88% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 60,09 Gb Free Space | 42,77% Space Free | Partition Type: NTFS
Computer Name: ZERBERUS | User Name: *** | Logged in as Administrator.
festgestellt. Error - 16.12.2011 09:32:07 | Computer Name = **** | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 16.12.2011 um 14:29:12 unerwartet heruntergefahren. < End of report > |
16.12.2011, 15:32 | #2 |
/// Malware-holic | Attention! Your PC is locked... Hi, otl.txt is still missing :-)
__________________ |
16.12.2011, 15:40 | #3 |
| Attention! Your PC is locked... Coming right up, thanks for being able to help :-D!
__________________ |
16.12.2011, 15:42 | #4 |
| Attention! Your PC is locked... OTL Logfile: Code:
OTL logfile created on: 16.12.2011 15:10:29 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michi\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 61,36% Memory free 6,18 Gb Paging File | 4,97 Gb Available in Paging File | 80,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 70,71 Gb Free Space | 49,09% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 95,04 Gb Free Space | 31,88% Space Free | Partition Type: NTFS Drive E: | 140,50 Gb Total Space | 60,09 Gb Free Space | 42,77% Space Free | Partition Type: NTFS Computer Name: ZERBERUS | User Name: Michi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Michi\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.) 
PRC - C:\Programme\Acer\Acer Bio Protection\BASVC.exe () PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Acer\Empowering Technology\Service\ETService.exe () PRC - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) PRC - C:\Programme\Common Files\SPBA\upeksvr.exe (UPEK Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\ACER\Mobility Center\MobilityService.exe () PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () ========== Win32 Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe () SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering 
Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe () ========== Driver Services (SafeList) ========== DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.) 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SaiK0836) -- C:\Windows\System32\drivers\SaiK0836.sys (Saitek) DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (CyberLink) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () DRV - (DgiVecp) -- C:\Windows\System32\drivers\Dgivecp.Sys (DeviceGuys, Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0908&m=aspire_6930g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61838 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100009 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 61838 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Install\Internet\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.16 09:46:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 17:15:01 | 000,000,000 | ---D | M] [2008.10.05 11:43:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions [2011.12.16 14:28:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\xw7tijnr.default\extensions [2010.05.05 16:03:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\xw7tijnr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.02 14:43:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\xw7tijnr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.04.28 09:45:08 | 000,000,000 | ---D | M] (SignupShield) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\xw7tijnr.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736} [2009.04.28 09:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\xw7tijnr.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}-trash [2011.12.15 14:59:22 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\xw7tijnr.default\extensions\toolbar@ask.com [2011.02.13 15:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla 
Firefox\extensions [2011.02.13 15:48:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.01.09 16:55:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.08.29 08:42:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.12.25 12:51:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2011.04.17 09:13:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.17 09:13:20 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.04.17 09:13:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.17 09:13:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.17 09:13:20 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) 
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) 
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) 
O4 - HKCU..\Run: [firefox.exe] C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\firefox.exe () O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Michi\M-1-74-6482-7942-8945\winsvc.exe File not found O4 - HKCU..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe (Orb Networks) F3 - HKCU WinNT: Load - (C:\Users\Michi\AppData\Local\Temp\csrss.exe) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Free YouTube Download - C:\Users\Michi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Michi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE0C97E-2AD9-4A7E-A96F-3837BDC7FF25}: DhcpNameServer = 192.168.10.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\dwm.exe) - File not found O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{061cbbf0-9ee0-11dd-9a7e-001e68d12043}\Shell - "" = AutoRun O33 - MountPoints2\{061cbbf0-9ee0-11dd-9a7e-001e68d12043}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{254914c4-3e0e-11de-9310-001e68d12043}\Shell - "" = AutoRun O33 - MountPoints2\{254914c4-3e0e-11de-9310-001e68d12043}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{397706e5-12e2-11de-a931-001e68d12043}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O33 - MountPoints2\{397706fc-12e2-11de-a931-001e68d12043}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\net.exe O33 - MountPoints2\{397706fc-12e2-11de-a931-001e68d12043}\Shell\Open\command - "" = 
F:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\net.exe O33 - MountPoints2\{f2923a5d-6592-11df-9a13-001e68d12043}\Shell\AutoRun\command - "" = F:\installer.exe O33 - MountPoints2\{f2923a5d-6592-11df-9a13-001e68d12043}\Shell\verb\command - "" = F:\installer.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.15 14:31:32 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.12.15 14:31:31 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.12.15 14:31:30 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.12.15 14:31:30 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.12.15 14:31:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2011.12.15 14:31:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.12.15 14:31:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.12.15 14:31:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.12.15 14:31:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.12.15 14:31:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.12.15 14:31:11 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.12.15 14:31:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.12.15 14:31:11 | 000,385,024 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\html.iec [2011.12.15 14:31:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.12.15 14:31:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.12.15 14:31:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.12.15 14:31:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.12.15 14:31:10 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.12.15 14:31:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.12.15 14:31:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.12.15 14:31:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.12.15 14:31:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.12.15 14:31:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.12.15 14:31:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.12.14 12:31:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bewerbung [2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Michi\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.16 14:52:32 | 000,637,068 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.16 14:52:32 | 000,604,322 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.16 14:52:32 | 000,129,844 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.16 14:52:32 | 000,107,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.16 14:46:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml 
[2011.12.16 14:46:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.16 14:46:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.16 14:46:13 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2011.12.16 14:45:16 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys [2011.12.16 12:11:22 | 000,008,592 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2011.12.16 11:57:34 | 000,300,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.16 10:18:01 | 296,127,398 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.02 08:31:27 | 000,129,024 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.29 21:10:46 | 000,000,216 | ---- | M] () -- C:\Users\***\Desktop\Call of Duty Modern Warfare 3.url [2011.11.29 21:10:46 | 000,000,216 | ---- | M] () -- C:\Users\***\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url [2011.11.29 21:10:46 | 000,000,216 | ---- | M] () -- C:\Users\***\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url [2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\***\Desktop\*.tmp files -> C:\Users\Michi\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.16 14:31:08 | 3215,847,424 | -HS- | C] () -- C:\hiberfil.sys [2011.11.29 21:10:46 | 000,000,216 | ---- | C] () -- C:\Users\***\Desktop\Call of Duty Modern Warfare 3.url [2011.11.29 21:10:46 | 000,000,216 | ---- | C] () -- C:\Users\***\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url [2011.11.29 21:10:46 | 000,000,216 | ---- | C] () -- C:\Users\***\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url [2011.08.24 15:14:54 | 000,000,000 | ---- | C] () -- C:\Windows\DcmLtBox-WS.ini [2011.08.24 15:14:43 | 
Thanks in advance for the help :-D |
16.12.2011, 16:04 | #5 |
/// Malware-holic | Warning! Your PC is locked... hi
Attention! This script and any scripts that follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
F3 - HKCU WinNT: Load - (C:\Users\Michi\AppData\Local\Temp\csrss.exe) - File not found
O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Michi\M-1-74-6482-7942-8945\winsvc.exe File not found
O4 - HKCU..\Run: [firefox.exe] C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
Open Computer, open C:, then _OTL. There, right-click on moved files and choose "Add to moved files.rar" or zip.
Follow the link and upload the archive in the upload channel: http://www.trojaner-board.de/54791-a...ner-board.html
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
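The autostart entries named in the fix script above share a few traits that can be checked mechanically. The following Python sketch is an added example, not part of the thread and not OTL's own logic; the `triage` function, its heuristics and the `ExampleVendor` line are assumptions made for illustration.

```python
import re
from ntpath import basename  # handles Windows paths on any OS

# Constructed sample: the three entries from the fix script above plus one
# hypothetical benign entry (ExampleVendor) for contrast.
SAMPLE = r"""
F3 - HKCU WinNT: Load - (C:\Users\Michi\AppData\Local\Temp\csrss.exe) - File not found
O4 - HKCU..\Run: [Microsoft® Windows Update] C:\Users\Michi\M-1-74-6482-7942-8945\winsvc.exe File not found
O4 - HKCU..\Run: [firefox.exe] C:\Users\Michi\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKLM..\Run: [ExampleVendorTray] C:\Program Files\ExampleVendor\tray.exe (ExampleVendor Inc.)
"""

PATH_RE = re.compile(r"[A-Za-z]:\\[^()\[\]]*?\.exe", re.I)
# Assumption: the trailing parentheses hold the company name from file metadata.
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*$")
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "services.exe",
                "smss.exe", "svchost.exe", "winlogon.exe"}


def triage(log):
    """Return (path, reasons) for each autostart line that looks suspicious."""
    findings = []
    for line in log.splitlines():
        if not line.startswith(("O4 - ", "F3 - ")):
            continue  # only autostart sections are examined here
        match = PATH_RE.search(line)
        if not match:
            continue
        path = match.group(0)
        low = path.lower()
        reasons = []
        if "\\users\\" in low:
            reasons.append("user-writable location")
        if basename(low) in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
            reasons.append("system process name outside System32")
        if line.rstrip().endswith("File not found"):
            reasons.append("target missing, entry left behind")
        vendor = VENDOR_RE.search(line)
        if vendor and not vendor.group(1).strip():
            reasons.append("no company name in file metadata")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A hit from these heuristics is a reason to look closer, not a verdict; legitimate per-user software also starts from the profile directory.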
16.12.2011, 16:08 | #6 |
| Warning! Your PC is locked... I'll give it a try, thanks so far, that will help me! If not, I can surely ask a few silly questions too, right? |
16.12.2011, 16:38 | #7 |
/// Malware-holic | Warning! Your PC is locked... yes, but only a few :-)
|
16.12.2011, 16:55 | #8 |
| Warning! Your PC is locked... So, here is what happened over the last hour ( ;-))! 1. I followed everything as advised; after that the OTL program had to be closed because it was no longer running correctly. Then I thought: "Sh... shame, it didn't work!" So I shut the PC down, logged in, and so far (*knock on wood*), thank goodness, the Trojan thing has not shown up again! Can I be happy now, or would that be too early? Thanks to you already! |
16.12.2011, 18:04 | #9 |
/// Malware-holic | Warning! Your PC is locked... please go ahead with the upload as described, then I'll take a look
|
18.12.2011, 13:26 | #10 |
| Warning! Your PC is locked... So this is how I got rid of the Trojan: I got a Linux boot CD, started my system via Linux and then ran a good antivirus program over it. The result: 15 Trojans found and deleted right away. My laptop now runs about 50% faster than before. Thanks for your help! |
18.12.2011, 16:26 | #11 |
/// Malware-holic | Warning! Your PC is locked... uh, if 15 Trojans were found on your PC, nothing is fine.... What are they called? Where is the report?
|
18.12.2011, 17:09 | #12 |
| Warning! Your PC is locked... I don't have a report of that; my father took care of it for me, he was at home then. He said that everything is fit again now. Should I ask him what he did? |
18.12.2011, 17:44 | #13 |
/// Malware-holic | Warning! Your PC is locked... yes, just because the program no longer shows anything does not by any means mean that there is nothing left on the PC...
|
18.12.2011, 18:15 | #14 |
| Warning! Your PC is locked... He completely wiped the PC, including the operating system and everything else, so he formatted it (I think), and then a "desinfect" CD from CT was additionally run over it.... |
18.12.2011, 18:30 | #15 |
/// Malware-holic | Warning! Your PC is locked... well, did he format or not? Believing is rather unimportant here, facts.... because then we would still have to secure the system for the future
|