| |
| |||||||
Log-Analyse und Auswertung: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
27.12.2011, 21:53
| #1 |
 |  Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Hallo ! Hab jetzt schon viel über eure Seite gelesen und bin begeistert ! Wie ich gelesen habe, teile ich mein Problem mit vielen: Seit gestern kommt bei mir der Schwarze Bildschirm auf dem ich die 50€ bezahlen muss ! Hab jetzt eine OTL Datei gemacht. Ich habe dies allerdings über alle Benutzer gemacht da es nur bei einem der PC-Benutzer ist und dort OTL von Oldtimer nicht funktioniert OTL. Txt Code:
ATTFilter OTL logfile created on: 27.12.2011 21:20:54 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Big Boss\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 72,64% Memory free 6,74 Gb Paging File | 6,12 Gb Available in Paging File | 90,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,17 Gb Total Space | 361,46 Gb Free Space | 62,74% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32 Computer Name: BIGBOSS-PC | User Name: Big Boss | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.27 20:57:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Big Boss\Downloads\OTL.exe PRC - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.07.01 21:48:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 16:32:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.11.02 09:55:37 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.07.01 21:48:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 21:48:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.03 08:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.01 23:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.11.11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008.02.14 14:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide) DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2006.10.09 12:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2005.02.01 01:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.8.1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.28 16:48:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.28 16:48:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2009.02.15 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Extensions [2011.12.27 01:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions [2010.09.21 14:52:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.12.19 21:48:25 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} [2009.09.02 14:45:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.09.27 16:12:03 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2011.12.19 10:29:50 | 000,000,941 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\searchplugins\conduit.xml [2011.12.26 23:18:18 | 000,000,944 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\searchplugins\icqplugin.xml [2011.07.20 11:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.10.30 19:14:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.06 15:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.30 16:59:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.07.20 11:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2009.05.18 13:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.08.29 18:22:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.12.06 11:51:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.02 08:27:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.06 15:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.30 16:59:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.07.20 11:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.10.09 11:46:10 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll [2010.11.04 15:01:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.04 15:01:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.11.04 15:01:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.04 15:01:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.04 15:01:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) O2 - BHO: (ooVoo Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ooVoo Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Big Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1000\$RHJG5O9\gamealarm.exe (Europe Support Ltd. N.V.) O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = File not found O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49CE7B4F-4E17-483E-B575-4DC056E702C4}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF88C659-8436-46C3-9445-F2E45C80439A}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a1b95934-0a73-11de-b69e-00040e4eca57}\Shell - "" = AutoRun O33 - MountPoints2\{a1b95934-0a73-11de-b69e-00040e4eca57}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell\AutoRun\command - "" = H:\cdstart.exe O33 - MountPoints2\{d8389e96-0cf1-11df-b9c9-00040e4eca57}\Shell - "" = AutoRun O33 - MountPoints2\{d8389e96-0cf1-11df-b9c9-00040e4eca57}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{e77f108f-ed71-11de-9590-00040e4eca57}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.12.22 19:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.12.22 19:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2011.12.19 21:48:20 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Local\Conduit [2011.12.19 21:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\BrotherSoft_Extreme [2011.12.12 18:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011.12.06 22:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader [2011.12.06 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Roaming\KastorFreeVimeoDownloader [2011.12.06 22:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kastor Free Vimeo Downloader [2011.12.02 22:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2011.12.02 22:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011.12.02 22:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010.04.23 17:45:58 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2010.04.23 17:45:58 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2005.11.23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.27 21:13:08 | 000,000,680 | ---- | M] () -- C:\Users\Big Boss\AppData\Local\d3d9caps.dat [2011.12.27 20:04:24 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.27 20:04:24 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.27 20:04:24 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.27 20:04:24 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.27 19:59:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.27 19:57:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.27 19:57:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.27 19:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2011.12.27 19:24:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.27 19:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.27 18:48:08 | 000,002,637 | ---- | M] () -- C:\Users\Big Boss\Desktop\Microsoft Office Word 2003.lnk [2011.12.27 02:33:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2011.12.19 17:33:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011.12.12 18:10:19 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011.12.12 18:10:19 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011.12.08 14:06:02 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.12.08 13:13:49 | 000,071,168 | ---- | M] () -- C:\Users\Big Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.06 22:02:22 | 000,001,003 | ---- | M] () -- C:\Users\Big Boss\Desktop\Kastor Free Vimeo Downloader.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.27 21:12:42 | 000,000,680 | ---- | C] () -- C:\Users\Big Boss\AppData\Local\d3d9caps.dat [2011.12.06 22:02:22 | 000,001,003 | ---- | C] () -- C:\Users\Big Boss\Desktop\Kastor Free Vimeo Downloader.lnk [2011.12.02 22:08:45 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011.12.02 22:08:45 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.07.30 15:07:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010.04.23 17:46:01 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2009.08.02 13:46:27 | 043,419,436 | ---- | C] () -- C:\Windows\System32\Alfamodding Mod Installer Final.exe [2009.08.02 13:46:26 | 019,295,865 | ---- | C] () -- C:\Windows\System32\Alfamodding Fahrzeug Installer Final.exe [2009.07.26 10:20:59 | 000,000,878 | ---- | C] () -- C:\Windows\eReg.dat [2009.06.30 15:40:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.02.18 17:05:06 | 000,000,000 | ---- | C] () -- C:\Users\Big Boss\AppData\Roaming\wklnhst.dat [2009.02.15 16:34:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.02.15 16:34:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.02.14 17:06:07 | 000,071,168 | ---- | C] () -- C:\Users\Big Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.18 12:31:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.12.10 15:31:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2008.12.10 14:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.12.01 21:46:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.12.01 21:08:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.11.24 18:37:33 | 000,617,456 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.11.24 18:37:33 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.11.24 18:37:33 | 000,122,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.11.24 18:37:33 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.11.24 10:42:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.11.24 10:42:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.30 15:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.10.21 18:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2008.10.21 18:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,414,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,586,568 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,100,640 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.19 08:07:28 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2004.02.27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2011.10.08 15:42:28 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\.minecraft [2009.04.11 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Blender Foundation [2009.11.29 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\COMPUTERBILD Browser-Optimierer [2011.12.06 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\KastorFreeVimeoDownloader [2010.12.10 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010.04.25 10:00:42 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\ooVoo Details [2009.05.18 13:29:12 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\OpenOffice.org [2010.06.03 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\T-Online [2009.11.01 18:38:01 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Template [2009.02.19 14:18:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\BullGuard [2010.04.23 17:37:25 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\ooVoo Details [2009.05.18 14:23:13 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org [2010.06.09 18:50:34 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\T-Online [2009.06.17 10:28:05 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Template [2011.05.18 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\.minecraft [2009.07.30 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ACASystems [2009.04.11 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Blender Foundation [2009.02.18 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\BullGuard [2011.03.20 15:40:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Degener [2011.12.27 18:47:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DNA [2009.05.16 18:30:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FarmingSimulator2008 [2011.12.19 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GetRightToGo [2011.12.06 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\KastorFreeVimeoDownloader [2010.12.10 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010.04.23 18:36:54 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ooVoo Details [2009.05.18 14:14:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\OpenOffice.org [2010.06.03 17:58:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\T-Online [2011.12.19 17:33:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011.12.27 02:33:00 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2011.12.27 19:57:32 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.27 19:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.02.19 14:18:55 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.12.10 14:48:51 | 000,000,000 | ---D | M] -- C:\ATI [2008.11.24 18:38:13 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.02.13 15:28:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.12.27 01:14:24 | 000,000,000 | ---D | M] -- C:\Games [2009.06.30 15:36:39 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.12.27 20:07:16 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.02 22:08:46 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.02.13 15:28:52 | 000,000,000 | -HSD | M] -- C:\Programme [2011.12.27 03:13:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.10 19:50:27 | 000,000,000 | R--D | M] -- C:\Users [2011.12.27 19:59:20 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys [2007.11.01 20:31:44 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.12.27 21:20:53 | 002,883,584 | -HS- | M] () -- C:\Users\Big Boss\ntuser.dat [2011.12.27 21:20:53 | 000,262,144 | -H-- | M] () -- C:\Users\Big Boss\ntuser.dat.LOG1 [2009.02.13 15:33:07 | 000,000,000 | -H-- | M] () -- C:\Users\Big Boss\ntuser.dat.LOG2 [2009.03.05 15:08:59 | 000,065,536 | -HS- | M] () -- C:\Users\Big Boss\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.03.05 15:08:59 | 000,524,288 | -HS- | M] () -- C:\Users\Big Boss\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.02.13 18:24:37 | 000,524,288 | -HS- | M] () -- C:\Users\Big Boss\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.12.27 21:04:03 | 000,065,536 | -HS- | M] () -- C:\Users\Big Boss\ntuser.dat{f9c9604c-098c-11de-bc39-00040e4eca57}.TM.blf [2011.12.27 21:04:03 | 000,524,288 | -HS- | M] () -- C:\Users\Big Boss\ntuser.dat{f9c9604c-098c-11de-bc39-00040e4eca57}.TMContainer00000000000000000001.regtrans-ms [2009.03.05 15:42:49 | 000,524,288 | -HS- | M] () -- C:\Users\Big Boss\ntuser.dat{f9c9604c-098c-11de-bc39-00040e4eca57}.TMContainer00000000000000000002.regtrans-ms [2009.02.13 15:33:08 | 000,000,020 | -HS- | M] () -- C:\Users\Big Boss\ntuser.ini [2010.12.25 13:10:37 | 000,000,680 | RHS- | M] () -- C:\Users\Big Boss\ntuser.pol < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:64217CD0 < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.12.2011 21:20:54 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Big Boss\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 72,64% Memory free
6,74 Gb Paging File | 6,12 Gb Available in Paging File | 90,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 361,46 Gb Free Space | 62,74% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32
Computer Name: BIGBOSS-PC | User Name: Big Boss | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] --
[HKEY_USERS\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] --
htmlfile [opennew] --
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FEEFD7-DAA8-446E-BA24-9CEC80A2AED6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{092B7013-24CB-436F-9453-FCD35F13AAC3}" = lport=139 | protocol=6 | dir=in | app=system |
"{15AA3B53-7BB0-4624-B98B-6B4DA2792290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{193CD268-471C-45A4-8D45-5D495CB4939B}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{1AB8A49F-7CF4-4E34-8587-C78580632D02}" = rport=138 | protocol=17 | dir=out | app=system |
"{3D31315F-CE93-45CC-A668-77BF12A5AA6C}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{40F26874-B474-4724-9516-06BC3ABC85AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{410F2FC8-621E-48E4-B1C1-32514DD29854}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48AAB640-F76F-44CB-A250-D03443AAC025}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{51FAB345-60E4-4C6F-9EB2-3058C67CE4D1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{55855B17-AE39-4639-A00B-DBC94482CED2}" = lport=137 | protocol=17 | dir=in | app=system |
"{55B9C9C4-FF7E-4333-97CB-18F6FB2ABFF9}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B241154-2626-47B9-87E9-A9CA56805ECF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5F344567-5373-4C01-A693-F71010CF4FB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66B95708-50E0-4E32-8F75-454369E0820C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{673FF9D7-C700-47FE-BA9C-A314942166DE}" = rport=139 | protocol=6 | dir=out | app=system |
"{83BD6419-71EA-4729-9CB7-AA9B4C95184E}" = rport=445 | protocol=6 | dir=out | app=system |
"{8D90EC3B-7FB1-4604-A26A-57516A896010}" = rport=137 | protocol=17 | dir=out | app=system |
"{93EA423E-B665-465D-8639-B99F69EC3F3E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9BD8FBAE-3D3A-4930-B0F1-72488DBFDAE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CB9176A-6459-4B4C-AFE5-02C2E1B63EA4}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{DB4D1759-76DA-4687-948F-DD810B42C8C3}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{E7FAB147-AA45-4511-904F-A14823B03700}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6D04CD6-9160-4866-9243-D14E6020B7BB}" = lport=445 | protocol=6 | dir=in | app=system |
"{FB3C29D3-18CD-4477-9F9F-4E66BFB9D037}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AFC382-B071-42E2-B791-AF7BEF86120C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{09DB61A2-BF75-4443-88BC-44A2DF505CC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12632B73-43D0-4671-907E-7323E27CBB6B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1688F13D-536D-481A-BC89-A0EE21A06167}" = protocol=17 | dir=in | app=c:\program files\cheat engine\cheat engine.exe |
"{27CFCBAF-2762-4FCE-AC9B-28C3D3A9C918}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2D095751-164C-4FB4-9D2B-545B79C6AF03}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2F0E6636-9DAB-4947-B17E-7186EB34D486}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{3B09F957-ED88-44F1-AC61-F1A2823B1569}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{3DF7BD55-8D42-470B-B889-BB766047F069}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{79210C28-57A7-4676-A68E-CD5FFDBB02AB}" = protocol=6 | dir=in | app=c:\program files\cheat engine\cheat engine.exe |
"{7DADC230-10E8-4723-9653-90F7D3E9F90E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{86F18CA0-450E-4CB7-8EFB-D72FCDC43715}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{969B3D80-944A-4AD5-B7EF-ED7795EA29D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AD9477DE-6A1C-4DAE-B90F-BC591AFB4E58}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B932721F-1CB2-4C04-8B39-3609CCC9ED44}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1DD6F63-117A-4FAF-B2D0-F36D27C3E05C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E00FD24A-7E3A-445A-96F6-D2D0F5B92842}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EB320711-38FC-494D-A481-D60ECDFF0871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F08DBF64-3277-462D-8398-95926A4863D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD3FC299-1CEF-4E2E-BEDE-5B0925A75587}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{1190DD5A-367D-4D6E-BA98-D3AF80B31E09}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"TCP Query User{1ABEFF50-80B5-4905-B214-B65253F9E1C5}C:\games\game alarm\gamealarm.exe" = protocol=6 | dir=in | app=c:\games\game alarm\gamealarm.exe |
"TCP Query User{2A6B02A6-1160-4C2A-A4B7-862375C0D778}C:\users\sebastian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sebastian\program files\dna\btdna.exe |
"TCP Query User{5650D1B9-165F-4363-92C1-8CBACDE16E16}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{5989536E-04E1-40B2-BB76-BFC1F1548EE0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{6A39823D-0B75-42FB-B12B-5D6764132BB3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{7465AE62-04C8-4498-BE33-A4358F77D28A}C:\program files\counter-strike 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 2d\counterstrike2d.exe |
"TCP Query User{AA7F209F-BEAC-4377-B8CC-C6199F889F5B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B8F90E89-AF3E-4BA9-8858-9744619D4041}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{D05CB2DA-1763-4806-9AD4-E7CE865E4ECA}C:\users\sebastian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sebastian\program files\dna\btdna.exe |
"TCP Query User{D4F9DA0E-1053-4E4E-AA3A-B56EA85134EC}C:\users\sebastian\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{01DBB777-6586-47CA-AD01-1EC7DE886A86}C:\users\sebastian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sebastian\program files\dna\btdna.exe |
"UDP Query User{0D3A5242-89A0-4FBE-8D95-B427D59FF746}C:\program files\counter-strike 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 2d\counterstrike2d.exe |
"UDP Query User{25262C79-01F0-4E4A-91B0-2F01DAAE4A09}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{31D78157-3551-465F-A6CA-9605F75BD5FF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{37B7C917-71E9-4E04-A444-FD93E98AC245}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{398917D0-196F-4940-B8B2-FB0B305D9C82}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{8D6A2EAD-D219-408E-B3DF-ABC88DE509B1}C:\users\sebastian\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{A3319613-2B48-42B8-B226-352CB824EDAF}C:\games\game alarm\gamealarm.exe" = protocol=17 | dir=in | app=c:\games\game alarm\gamealarm.exe |
"UDP Query User{B01ABC26-60DD-41C2-B1DE-D1E576E8181F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CF8EC94B-8D37-4435-A359-F4F04CA4F085}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{FC45EBC5-A94A-4A86-BAF9-F2A5996F2128}C:\users\sebastian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sebastian\program files\dna\btdna.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{15E9F68F-3D8A-9281-B6BF-F6D610D8839E}" = Catalyst Control Center Graphics Previews Vista
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{40A55E23-B9B4-E627-2112-384E95C47F84}" = ccc-utility
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59FF69C1-8711-4961-F7B9-E5B92550F881}" = CCC Help English
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D277F84-ED91-614E-9119-A64CE088972D}" = Catalyst Control Center Graphics Full New
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{699C91CC-B484-3913-C4C4-BF5957910EDC}" = ccc-core-static
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{948CCDD3-3C8D-A6A7-B406-A56D8C005FA9}" = Skins
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{956F3605-8739-5130-BAFA-F1AF028118A2}" = Catalyst Control Center InstallProxy
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{99537FD9-8DC9-40E9-5381-7E27511AE004}" = Catalyst Control Center Graphics Full Existing
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8428EB4-F84C-9BA0-6E4D-DF9858D8802D}" = Catalyst Control Center Graphics Light
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6CA467B-13F3-CC4A-3489-463D2EE28172}" = Catalyst Control Center Core Implementation
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DE2F265D-DC1F-4396-B8E7-E98E719AAA24}_is1" = CLICK & LEARN DiDi 360° 1.1
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E02C0C32-1103-42E3-B2B3-1630675B778C}" = Avatar - Legends of The Arena
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E573A6CA-D101-45F6-9C15-577592256D09}" = DesignCAD 3D Max 17.1
"{E73E0ECF-080F-8E71-C413-0961332D47A0}" = ATI Catalyst Install Manager
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Trust Webcam
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F7F58620-9837-DAE7-1B96-61EC7EA0495B}" = Catalyst Control Center Localization German
"{F8E38EFB-8897-0996-F7C7-97FF0F25609B}" = CCC Help German
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"AC3D 6.5.28_is1" = AC3D 6.5.28
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle Race 3D" = Battle Race 3D
"Blender" = Blender (remove only)
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"CCleaner" = CCleaner
"FarmingSimulator2008_is1" = Landwirtschafts Simulator 2008
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"Free YouTube Download_is1" = Free YouTube Download 2.3
"GamersFirst LIVE!" = GamersFirst LIVE!
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"giants_editor_4.1.2_is1" = GIANTS Editor 4.1.2
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Intense Racing 2_is1" = Intense Racing 2
"Kastor Free Vimeo Downloader_is1" = Kastor Free Vimeo Downloader V 1.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Netzmanager" = Netzmanager
"ooVoo_Chat Toolbar" = ooVoo_Chat Toolbar
"PhotoMail" = PhotoMail Maker
"Picasa 3" = Picasa 3
"Pivot 3.2 Beta Deutsch" = Pivot 3.2 Beta Deutsch
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.1.3.7
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.06.2010 12:54:53 | Computer Name = BigBoss-PC | Source = EventSystem | ID = 4621
Description =
Error - 30.06.2010 14:25:54 | Computer Name = BigBoss-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung QuickTimePlayer.exe, Version 7.65.17.80, Zeitstempel
0x4afa5828, fehlerhaftes Modul QuickTimePlayer.dll, Version 7.65.17.80, Zeitstempel
0x4afa5820, Ausnahmecode 0xc0000409, Fehleroffset 0x0000130d, Prozess-ID 0x1488,
Anwendungsstartzeit 01cb1876f41688d9.
Error - 30.06.2010 15:35:07 | Computer Name = BigBoss-PC | Source = profsvc | ID = 1502
Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche
Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigter lokales
Profil. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem
anderen Prozess verwendet wird.
Error - 30.06.2010 15:47:22 | Computer Name = BigBoss-PC | Source = profsvc | ID = 1502
Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche
Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigter lokales
Profil. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem
anderen Prozess verwendet wird.
Error - 01.07.2010 06:46:14 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.07.2010 10:51:16 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2010 08:58:40 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2010 14:34:57 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2010 05:07:32 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2010 09:26:24 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 27.12.2011 15:00:14 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005
Description =
Error - 27.12.2011 15:00:27 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005
Description =
Error - 27.12.2011 15:00:57 | Computer Name = BigBoss-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 27.12.2011 15:00:57 | Computer Name = BigBoss-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 27.12.2011 15:07:00 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005
Description =
Error - 27.12.2011 15:54:37 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005
Description =
Error - 27.12.2011 15:54:44 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005
Description =
Error - 27.12.2011 15:54:45 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005
Description =
Error - 27.12.2011 15:54:46 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005
Description =
Error - 27.12.2011 16:11:48 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005
Description =
< End of report >
und Freundliche Grüße Baste ! |
| Themen zu Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... |
| 0x00000001, 50€ bezahlen, alternate, antivir, avira, bho, bildschirm, bonjour, c:\windows\system32\rundll32.exe, conduit, defender, desktop, error, excel, excel.exe, firefox, format, google earth, helper, home, install.exe, intranet, logfile, microsoft office word, nvstor.sys, plug-in, problem, realtek, recycle.bin, registry, required, rundll, scan, sched.exe, schwarze bildschirm, security, security scan, sketchup, software, svchost.exe, udp, usb, version=1.0, vista, wurde ihr |
Baum-Darstellung