|
Log-Analyse und Auswertung: Aus Sicherheitsgründen wurde ihr Windowssystem blockiert...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
27.12.2011, 21:53 | #1 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Hallo ! Hab jetzt schon viel über eure Seite gelesen und bin begeistert ! Wie ich gelesen habe, teile ich mein Problem mit vielen: Seit gestern kommt bei mir der Schwarze Bildschirm auf dem ich die 50€ bezahlen muss ! Hab jetzt eine OTL Datei gemacht. Ich habe dies allerdings über alle Benutzer gemacht da es nur bei einem der PC-Benutzer ist und dort OTL von Oldtimer nicht funktioniert OTL. Txt Code:
ATTFilter OTL logfile created on: 27.12.2011 21:20:54 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Big Boss\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 72,64% Memory free 6,74 Gb Paging File | 6,12 Gb Available in Paging File | 90,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,17 Gb Total Space | 361,46 Gb Free Space | 62,74% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32 Computer Name: BIGBOSS-PC | User Name: Big Boss | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.27 20:57:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Big Boss\Downloads\OTL.exe PRC - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.07.01 21:48:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 16:32:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.11.02 09:55:37 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Stopped] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.07.01 21:48:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 21:48:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.03 08:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.01 23:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.11.11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008.02.14 14:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide) DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2006.10.09 12:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2005.02.01 01:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.8.1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.28 16:48:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.28 16:48:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2009.02.15 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Extensions [2011.12.27 01:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions [2010.09.21 14:52:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.12.19 21:48:25 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} [2009.09.02 14:45:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.09.27 16:12:03 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2011.12.19 10:29:50 | 000,000,941 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\searchplugins\conduit.xml [2011.12.26 23:18:18 | 000,000,944 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\searchplugins\icqplugin.xml [2011.07.20 11:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.10.30 19:14:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.06 15:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.30 16:59:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.07.20 11:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2009.05.18 13:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.08.29 18:22:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.12.06 11:51:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.02 08:27:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.06 15:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.30 16:59:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.07.20 11:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.10.09 11:46:10 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll [2010.11.04 15:01:45 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.11.04 15:01:45 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.11.04 15:01:45 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.11.04 15:01:46 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.11.04 15:01:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) O2 - BHO: (ooVoo Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ooVoo Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Big Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1000\$RHJG5O9\gamealarm.exe (Europe Support Ltd. N.V.) O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = File not found O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49CE7B4F-4E17-483E-B575-4DC056E702C4}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF88C659-8436-46C3-9445-F2E45C80439A}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a1b95934-0a73-11de-b69e-00040e4eca57}\Shell - "" = AutoRun O33 - MountPoints2\{a1b95934-0a73-11de-b69e-00040e4eca57}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell\AutoRun\command - "" = H:\cdstart.exe O33 - MountPoints2\{d8389e96-0cf1-11df-b9c9-00040e4eca57}\Shell - "" = AutoRun O33 - MountPoints2\{d8389e96-0cf1-11df-b9c9-00040e4eca57}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{e77f108f-ed71-11de-9590-00040e4eca57}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.12.22 19:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.12.22 19:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2011.12.19 21:48:20 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Local\Conduit [2011.12.19 21:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\BrotherSoft_Extreme [2011.12.12 18:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011.12.06 22:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader [2011.12.06 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Roaming\KastorFreeVimeoDownloader [2011.12.06 22:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kastor Free Vimeo Downloader [2011.12.02 22:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2011.12.02 22:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011.12.02 22:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010.04.23 17:45:58 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2010.04.23 17:45:58 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2005.11.23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.27 21:13:08 | 000,000,680 | ---- | M] () -- C:\Users\Big Boss\AppData\Local\d3d9caps.dat [2011.12.27 20:04:24 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.27 20:04:24 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.27 20:04:24 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.27 20:04:24 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.27 19:59:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.27 19:57:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.27 19:57:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.27 19:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2011.12.27 19:24:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.27 19:24:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.27 18:48:08 | 000,002,637 | ---- | M] () -- C:\Users\Big Boss\Desktop\Microsoft Office Word 2003.lnk [2011.12.27 02:33:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2011.12.19 17:33:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011.12.12 18:10:19 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011.12.12 18:10:19 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011.12.08 14:06:02 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.12.08 13:13:49 | 000,071,168 | ---- | M] () -- C:\Users\Big Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.06 22:02:22 | 000,001,003 | ---- | M] () -- C:\Users\Big Boss\Desktop\Kastor Free Vimeo Downloader.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.27 21:12:42 | 000,000,680 | ---- | C] () -- C:\Users\Big Boss\AppData\Local\d3d9caps.dat [2011.12.06 22:02:22 | 000,001,003 | ---- | C] () -- C:\Users\Big Boss\Desktop\Kastor Free Vimeo Downloader.lnk [2011.12.02 22:08:45 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011.12.02 22:08:45 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2010.07.30 15:07:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010.04.23 17:46:01 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2009.08.02 13:46:27 | 043,419,436 | ---- | C] () -- C:\Windows\System32\Alfamodding Mod Installer Final.exe [2009.08.02 13:46:26 | 019,295,865 | ---- | C] () -- C:\Windows\System32\Alfamodding Fahrzeug Installer Final.exe [2009.07.26 10:20:59 | 000,000,878 | ---- | C] () -- C:\Windows\eReg.dat [2009.06.30 15:40:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.02.18 17:05:06 | 000,000,000 | ---- | C] () -- C:\Users\Big Boss\AppData\Roaming\wklnhst.dat [2009.02.15 16:34:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.02.15 16:34:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.02.14 17:06:07 | 000,071,168 | ---- | C] () -- C:\Users\Big Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.18 12:31:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.12.10 15:31:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2008.12.10 14:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.12.01 21:46:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.12.01 21:08:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.11.24 18:37:33 | 000,617,456 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.11.24 18:37:33 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.11.24 18:37:33 | 000,122,258 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.11.24 18:37:33 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.11.24 10:42:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.11.24 10:42:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.30 15:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.10.21 18:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2008.10.21 18:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,414,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,586,568 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,100,640 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.19 08:07:28 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2004.02.27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2011.10.08 15:42:28 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\.minecraft [2009.04.11 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Blender Foundation [2009.11.29 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\COMPUTERBILD Browser-Optimierer [2011.12.06 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\KastorFreeVimeoDownloader [2010.12.10 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010.04.25 10:00:42 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\ooVoo Details [2009.05.18 13:29:12 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\OpenOffice.org [2010.06.03 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\T-Online [2009.11.01 18:38:01 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Template [2009.02.19 14:18:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\BullGuard [2010.04.23 17:37:25 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\ooVoo Details [2009.05.18 14:23:13 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org [2010.06.09 18:50:34 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\T-Online [2009.06.17 10:28:05 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Template [2011.05.18 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\.minecraft [2009.07.30 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ACASystems [2009.04.11 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Blender Foundation [2009.02.18 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\BullGuard [2011.03.20 15:40:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Degener [2011.12.27 18:47:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DNA [2009.05.16 18:30:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FarmingSimulator2008 [2011.12.19 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GetRightToGo [2011.12.06 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\KastorFreeVimeoDownloader [2010.12.10 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010.04.23 18:36:54 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ooVoo Details [2009.05.18 14:14:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\OpenOffice.org [2010.06.03 17:58:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\T-Online [2011.12.19 17:33:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011.12.27 02:33:00 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2011.12.27 19:57:32 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.27 19:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.02.19 14:18:55 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2008.12.10 14:48:51 | 000,000,000 | ---D | M] -- C:\ATI [2008.11.24 18:38:13 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.02.13 15:28:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.12.27 01:14:24 | 000,000,000 | ---D | M] -- C:\Games [2009.06.30 15:36:39 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.12.27 20:07:16 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.02 22:08:46 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.02.13 15:28:52 | 000,000,000 | -HSD | M] -- C:\Programme [2011.12.27 03:13:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.10 19:50:27 | 000,000,000 | R--D | M] -- C:\Users [2011.12.27 19:59:20 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys [2007.11.01 20:31:44 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.12.27 21:20:53 | 002,883,584 | -HS- | M] () -- C:\Users\Big Boss\ntuser.dat [2011.12.27 21:20:53 | 000,262,144 | -H-- | M] () -- C:\Users\Big Boss\ntuser.dat.LOG1 [2009.02.13 15:33:07 | 000,000,000 | -H-- | M] () -- C:\Users\Big Boss\ntuser.dat.LOG2 [2009.03.05 15:08:59 | 000,065,536 | -HS- | M] () -- C:\Users\Big Boss\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.03.05 15:08:59 | 000,524,288 | -HS- | M] () -- C:\Users\Big Boss\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.02.13 18:24:37 | 000,524,288 | -HS- | M] () -- C:\Users\Big Boss\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2011.12.27 21:04:03 | 000,065,536 | -HS- | M] () -- C:\Users\Big Boss\ntuser.dat{f9c9604c-098c-11de-bc39-00040e4eca57}.TM.blf [2011.12.27 21:04:03 | 000,524,288 | -HS- | M] () -- C:\Users\Big Boss\ntuser.dat{f9c9604c-098c-11de-bc39-00040e4eca57}.TMContainer00000000000000000001.regtrans-ms [2009.03.05 15:42:49 | 000,524,288 | -HS- | M] () -- C:\Users\Big Boss\ntuser.dat{f9c9604c-098c-11de-bc39-00040e4eca57}.TMContainer00000000000000000002.regtrans-ms [2009.02.13 15:33:08 | 000,000,020 | -HS- | M] () -- C:\Users\Big Boss\ntuser.ini [2010.12.25 13:10:37 | 000,000,680 | RHS- | M] () -- C:\Users\Big Boss\ntuser.pol < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:64217CD0 < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.12.2011 21:20:54 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Big Boss\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 72,64% Memory free 6,74 Gb Paging File | 6,12 Gb Available in Paging File | 90,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,17 Gb Total Space | 361,46 Gb Free Space | 62,74% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32 Computer Name: BIGBOSS-PC | User Name: Big Boss | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- [HKEY_USERS\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [open] -- htmlfile [opennew] -- inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01FEEFD7-DAA8-446E-BA24-9CEC80A2AED6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{092B7013-24CB-436F-9453-FCD35F13AAC3}" = lport=139 | protocol=6 | dir=in | app=system | "{15AA3B53-7BB0-4624-B98B-6B4DA2792290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{193CD268-471C-45A4-8D45-5D495CB4939B}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 | "{1AB8A49F-7CF4-4E34-8587-C78580632D02}" = rport=138 | protocol=17 | dir=out | app=system | "{3D31315F-CE93-45CC-A668-77BF12A5AA6C}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 | "{40F26874-B474-4724-9516-06BC3ABC85AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{410F2FC8-621E-48E4-B1C1-32514DD29854}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{48AAB640-F76F-44CB-A250-D03443AAC025}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 | "{51FAB345-60E4-4C6F-9EB2-3058C67CE4D1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{55855B17-AE39-4639-A00B-DBC94482CED2}" = lport=137 | protocol=17 | dir=in | app=system | "{55B9C9C4-FF7E-4333-97CB-18F6FB2ABFF9}" = lport=138 | protocol=17 | dir=in | app=system | "{5B241154-2626-47B9-87E9-A9CA56805ECF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5F344567-5373-4C01-A693-F71010CF4FB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{66B95708-50E0-4E32-8F75-454369E0820C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{673FF9D7-C700-47FE-BA9C-A314942166DE}" = rport=139 | protocol=6 | dir=out | app=system | "{83BD6419-71EA-4729-9CB7-AA9B4C95184E}" = rport=445 | protocol=6 | dir=out | app=system | "{8D90EC3B-7FB1-4604-A26A-57516A896010}" = rport=137 | protocol=17 | dir=out | app=system | "{93EA423E-B665-465D-8639-B99F69EC3F3E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9BD8FBAE-3D3A-4930-B0F1-72488DBFDAE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9CB9176A-6459-4B4C-AFE5-02C2E1B63EA4}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 | "{DB4D1759-76DA-4687-948F-DD810B42C8C3}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 | "{E7FAB147-AA45-4511-904F-A14823B03700}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F6D04CD6-9160-4866-9243-D14E6020B7BB}" = lport=445 | protocol=6 | dir=in | app=system | "{FB3C29D3-18CD-4477-9F9F-4E66BFB9D037}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02AFC382-B071-42E2-B791-AF7BEF86120C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{09DB61A2-BF75-4443-88BC-44A2DF505CC9}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12632B73-43D0-4671-907E-7323E27CBB6B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{1688F13D-536D-481A-BC89-A0EE21A06167}" = protocol=17 | dir=in | app=c:\program files\cheat engine\cheat engine.exe | "{27CFCBAF-2762-4FCE-AC9B-28C3D3A9C918}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{2D095751-164C-4FB4-9D2B-545B79C6AF03}" = dir=in | app=c:\program files\itunes\itunes.exe | "{2F0E6636-9DAB-4947-B17E-7186EB34D486}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | "{3B09F957-ED88-44F1-AC61-F1A2823B1569}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | "{3DF7BD55-8D42-470B-B889-BB766047F069}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{79210C28-57A7-4676-A68E-CD5FFDBB02AB}" = protocol=6 | dir=in | app=c:\program files\cheat engine\cheat engine.exe | "{7DADC230-10E8-4723-9653-90F7D3E9F90E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{86F18CA0-450E-4CB7-8EFB-D72FCDC43715}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | "{969B3D80-944A-4AD5-B7EF-ED7795EA29D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AD9477DE-6A1C-4DAE-B90F-BC591AFB4E58}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B932721F-1CB2-4C04-8B39-3609CCC9ED44}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C1DD6F63-117A-4FAF-B2D0-F36D27C3E05C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E00FD24A-7E3A-445A-96F6-D2D0F5B92842}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{EB320711-38FC-494D-A481-D60ECDFF0871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F08DBF64-3277-462D-8398-95926A4863D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FD3FC299-1CEF-4E2E-BEDE-5B0925A75587}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "TCP Query User{1190DD5A-367D-4D6E-BA98-D3AF80B31E09}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | "TCP Query User{1ABEFF50-80B5-4905-B214-B65253F9E1C5}C:\games\game alarm\gamealarm.exe" = protocol=6 | dir=in | app=c:\games\game alarm\gamealarm.exe | "TCP Query User{2A6B02A6-1160-4C2A-A4B7-862375C0D778}C:\users\sebastian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sebastian\program files\dna\btdna.exe | "TCP Query User{5650D1B9-165F-4363-92C1-8CBACDE16E16}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe | "TCP Query User{5989536E-04E1-40B2-BB76-BFC1F1548EE0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{6A39823D-0B75-42FB-B12B-5D6764132BB3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{7465AE62-04C8-4498-BE33-A4358F77D28A}C:\program files\counter-strike 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 2d\counterstrike2d.exe | "TCP Query User{AA7F209F-BEAC-4377-B8CC-C6199F889F5B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{B8F90E89-AF3E-4BA9-8858-9744619D4041}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{D05CB2DA-1763-4806-9AD4-E7CE865E4ECA}C:\users\sebastian\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sebastian\program files\dna\btdna.exe | "TCP Query User{D4F9DA0E-1053-4E4E-AA3A-B56EA85134EC}C:\users\sebastian\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\local\facebook\video\skype\facebookvideocalling.exe | "UDP Query User{01DBB777-6586-47CA-AD01-1EC7DE886A86}C:\users\sebastian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sebastian\program files\dna\btdna.exe | "UDP Query User{0D3A5242-89A0-4FBE-8D95-B427D59FF746}C:\program files\counter-strike 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 2d\counterstrike2d.exe | "UDP Query User{25262C79-01F0-4E4A-91B0-2F01DAAE4A09}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | "UDP Query User{31D78157-3551-465F-A6CA-9605F75BD5FF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{37B7C917-71E9-4E04-A444-FD93E98AC245}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe | "UDP Query User{398917D0-196F-4940-B8B2-FB0B305D9C82}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{8D6A2EAD-D219-408E-B3DF-ABC88DE509B1}C:\users\sebastian\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\local\facebook\video\skype\facebookvideocalling.exe | "UDP Query User{A3319613-2B48-42B8-B226-352CB824EDAF}C:\games\game alarm\gamealarm.exe" = protocol=17 | dir=in | app=c:\games\game alarm\gamealarm.exe | "UDP Query User{B01ABC26-60DD-41C2-B1DE-D1E576E8181F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{CF8EC94B-8D37-4435-A359-F4F04CA4F085}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{FC45EBC5-A94A-4A86-BAF9-F2A5996F2128}C:\users\sebastian\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sebastian\program files\dna\btdna.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe "{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker "{15E9F68F-3D8A-9281-B6BF-F6D610D8839E}" = Catalyst Control Center Graphics Previews Vista "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger "{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm) "{40A55E23-B9B4-E627-2112-384E95C47F84}" = ccc-utility "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59FF69C1-8711-4961-F7B9-E5B92550F881}" = CCC Help English "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5D277F84-ED91-614E-9119-A64CE088972D}" = Catalyst Control Center Graphics Full New "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{699C91CC-B484-3913-C4C4-BF5957910EDC}" = ccc-core-static "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.7 "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{948CCDD3-3C8D-A6A7-B406-A56D8C005FA9}" = Skins "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{956F3605-8739-5130-BAFA-F1AF028118A2}" = Catalyst Control Center InstallProxy "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6 "{99537FD9-8DC9-40E9-5381-7E27511AE004}" = Catalyst Control Center Graphics Full Existing "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B8428EB4-F84C-9BA0-6E4D-DF9858D8802D}" = Catalyst Control Center Graphics Light "{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C6CA467B-13F3-CC4A-3489-463D2EE28172}" = Catalyst Control Center Core Implementation "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DE2F265D-DC1F-4396-B8E7-E98E719AAA24}_is1" = CLICK & LEARN DiDi 360° 1.1 "{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE "{E02C0C32-1103-42E3-B2B3-1630675B778C}" = Avatar - Legends of The Arena "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E573A6CA-D101-45F6-9C15-577592256D09}" = DesignCAD 3D Max 17.1 "{E73E0ECF-080F-8E71-C413-0961332D47A0}" = ATI Catalyst Install Manager "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Trust Webcam "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{F7F58620-9837-DAE7-1B96-61EC7EA0495B}" = Catalyst Control Center Localization German "{F8E38EFB-8897-0996-F7C7-97FF0F25609B}" = CCC Help German "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo "AC3D 6.5.28_is1" = AC3D 6.5.28 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Battle Race 3D" = Battle Race 3D "Blender" = Blender (remove only) "BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar "CCleaner" = CCleaner "FarmingSimulator2008_is1" = Landwirtschafts Simulator 2008 "FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009 "Free YouTube Download_is1" = Free YouTube Download 2.3 "GamersFirst LIVE!" = GamersFirst LIVE! "GamersFirst War Rock" = War Rock "GameSpy Arcade" = GameSpy Arcade "giants_editor_4.1.2_is1" = GIANTS Editor 4.1.2 "Google Desktop" = Google Desktop "Google Updater" = Google Updater "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "Intense Racing 2_is1" = Intense Racing 2 "Kastor Free Vimeo Downloader_is1" = Kastor Free Vimeo Downloader V 1.5 "LogMeIn Hamachi" = LogMeIn Hamachi "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Netzmanager" = Netzmanager "ooVoo_Chat Toolbar" = ooVoo_Chat Toolbar "PhotoMail" = PhotoMail Maker "Picasa 3" = Picasa 3 "Pivot 3.2 Beta Deutsch" = Pivot 3.2 Beta Deutsch "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.3 "War of the Ring" = WAR OF THE RING™ DER RINGKRIEG™ "WinRAR archiver" = WinRAR "XMedia Recode" = XMedia Recode 2.1.3.7 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.06.2010 12:54:53 | Computer Name = BigBoss-PC | Source = EventSystem | ID = 4621 Description = Error - 30.06.2010 14:25:54 | Computer Name = BigBoss-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung QuickTimePlayer.exe, Version 7.65.17.80, Zeitstempel 0x4afa5828, fehlerhaftes Modul QuickTimePlayer.dll, Version 7.65.17.80, Zeitstempel 0x4afa5820, Ausnahmecode 0xc0000409, Fehleroffset 0x0000130d, Prozess-ID 0x1488, Anwendungsstartzeit 01cb1876f41688d9. Error - 30.06.2010 15:35:07 | Computer Name = BigBoss-PC | Source = profsvc | ID = 1502 Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigter lokales Profil. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error - 30.06.2010 15:47:22 | Computer Name = BigBoss-PC | Source = profsvc | ID = 1502 Description = Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigter lokales Profil. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error - 01.07.2010 06:46:14 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10 Description = Error - 01.07.2010 10:51:16 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2010 08:58:40 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10 Description = Error - 02.07.2010 14:34:57 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2010 05:07:32 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10 Description = Error - 03.07.2010 09:26:24 | Computer Name = BigBoss-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 27.12.2011 15:00:14 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005 Description = Error - 27.12.2011 15:00:27 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005 Description = Error - 27.12.2011 15:00:57 | Computer Name = BigBoss-PC | Source = Service Control Manager | ID = 7001 Description = Error - 27.12.2011 15:00:57 | Computer Name = BigBoss-PC | Source = Service Control Manager | ID = 7026 Description = Error - 27.12.2011 15:07:00 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005 Description = Error - 27.12.2011 15:54:37 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005 Description = Error - 27.12.2011 15:54:44 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005 Description = Error - 27.12.2011 15:54:45 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005 Description = Error - 27.12.2011 15:54:46 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005 Description = Error - 27.12.2011 16:11:48 | Computer Name = BigBoss-PC | Source = DCOM | ID = 10005 Description = < End of report > und Freundliche Grüße Baste ! |
28.12.2011, 05:18 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert...Zitat:
Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
29.12.2011, 19:09 | #3 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Hey !
__________________Hab jetzt Malwarebytes Scan gemacht, die gefundenen Objekte gelöscht und dann nochmal AntiVir drüberlaufen lassen / alles gelöscht. Jetzt komm ich wieder in mein Konto und alles funktioniert wieder, doch jetzt weis ich nicht ob wieder alles sicher ist. Kann ich mir sicher sein dass alles weg ist und ohne sorge meinen pc nutzen ? Gruß Baste ! |
29.12.2011, 23:30 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert...Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
31.12.2011, 00:50 | #5 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Sorry, hab ich ganz vergessen ! ESET : Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=98e2c3976386fc45a3ba7845d237a41c # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-12-30 11:46:03 # local_time=2011-12-31 12:46:03 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=768 16777215 100 0 62652269 62652269 0 0 # compatibility_mode=1797 16775165 100 100 85928 100163875 89376 0 # compatibility_mode=5892 16776637 100 100 4227 162800039 0 0 # compatibility_mode=8192 67108863 100 0 3763 3763 0 0 # scanned=154092 # found=5 # cleaned=0 # scan_time=21452 C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1001\$RWJG6UN\SoftonicDownloader_fuer_adobe-photoshop.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1001\$RWJG6UN\SoftonicDownloader_fuer_clipgrab.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1001\$RWJG6UN\SoftonicDownloader_fuer_free-vimeo-downloader.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\GamersFirst\War Rock\system\WarRock.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I C:\Users\Sebastian\AppData\Local\Temp\jar_cache4094548217277640393.tmp a variant of Java/Exploit.CVE-2011-3544.M trojan (unable to clean) 00000000000000000000000000000000 I Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.29.03 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Big Boss :: BIGBOSS-PC [Administrator] 29.12.2011 17:10:49 mbam-log-2011-12-29 (17-10-49).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 483894 Laufzeit: 1 Stunde(n), 43 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Sebastian\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 1 C:\Users\Sebastian\Downloads\SoftonicDownloader_fuer_free-vimeo-downloader.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
31.12.2011, 15:26 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ --> Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... |
01.01.2012, 18:21 | #7 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert...Code:
ATTFilter OTL logfile created on: 01.01.2012 17:59:50 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Big Boss\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 56,06% Memory free 6,71 Gb Paging File | 4,96 Gb Available in Paging File | 73,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,17 Gb Total Space | 349,53 Gb Free Space | 60,67% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 9,86 Gb Free Space | 49,31% Space Free | Partition Type: FAT32 Computer Name: BIGBOSS-PC | User Name: Big Boss | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.31 14:23:19 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.12.27 20:57:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Big Boss\Downloads\OTL.exe PRC - [2011.10.24 18:41:11 | 019,721,728 | ---- | M] (Europe Support Ltd. N.V.) -- C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1000\$RHJG5O9\gamealarm.exe PRC - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.07.14 16:28:07 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2011.07.14 16:03:43 | 000,491,520 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1000\$RHJG5O9\Updater.exe PRC - [2011.07.01 21:48:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.29 16:32:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.04 15:06:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.11.16 10:11:52 | 000,984,576 | ---- | M] (Deutsche Telekom AG, T-Com) -- C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\InfoCockpit.exe PRC - [2009.11.10 08:45:25 | 001,529,856 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe PRC - [2009.11.02 09:55:37 | 000,009,728 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe PRC - [2009.10.07 18:38:29 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Sebastian\Program Files\DNA\btdna.exe PRC - [2009.06.30 15:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.10.18 11:34:34 | 005,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2007.05.10 12:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2011.03.29 11:55:05 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2011.03.29 11:54:23 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2011.01.19 11:48:35 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2010.09.23 14:32:28 | 005,242,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2010.04.12 13:20:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll MOD - [2010.04.12 13:19:58 | 005,967,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll MOD - [2010.04.12 13:19:53 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll MOD - [2010.04.12 13:19:52 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.06.30 15:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe MOD - [2008.12.01 21:46:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.11.25 00:34:47 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2008.11.25 00:34:46 | 004,210,688 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll MOD - [2008.10.13 23:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2008.07.27 19:03:15 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2008.07.27 19:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2008.07.27 19:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2008.07.27 19:03:15 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll MOD - [2008.07.27 19:03:14 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2008.07.27 19:03:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll MOD - [2008.07.27 19:03:09 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2008.07.27 19:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2008.07.04 03:02:58 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll MOD - [2008.06.20 02:14:44 | 001,245,184 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll MOD - [2008.06.20 02:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll MOD - [2007.05.10 12:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe ========== Win32 Services (SafeList) ========== SRV - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.07.01 21:48:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 16:32:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.11.02 09:55:37 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.07.01 21:48:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 21:48:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.07.03 08:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.01 23:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.11.11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s) DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008.02.14 14:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdide.sys -- (amdide) DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2006.10.09 12:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2005.02.01 01:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2776682 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.8.1.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.31 14:23:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.31 14:23:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2009.02.15 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Extensions [2011.12.27 01:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions [2010.09.21 14:52:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.12.19 21:48:25 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} [2009.09.02 14:45:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.09.27 16:12:03 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2011.12.19 10:29:50 | 000,000,941 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\searchplugins\conduit.xml [2011.12.26 23:18:18 | 000,000,944 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\searchplugins\icqplugin.xml [2011.12.28 01:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.10.30 19:14:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.06 15:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.30 16:59:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.07.20 11:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2009.05.18 13:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.08.29 18:22:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.12.06 11:51:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.02 08:27:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.06 15:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.10.30 16:59:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.07.20 11:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.10.09 11:46:10 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll [2011.12.29 16:58:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.29 16:58:15 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.29 16:58:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.29 16:58:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.29 16:58:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) O2 - BHO: (ooVoo Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ooVoo Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-19..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [AAK8K3J4FL] C:\Users\Sebastian\AppData\Local\Temp\c.exe File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [BitTorrent DNA] C:\Users\Sebastian\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [Facebook Update] C:\Users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [iexploer.exe] C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [LosAlamos] rundll32.exe C:\Users\SEBAST~1\AppData\Local\Temp\sshnas21.dll,AllocConsoleA File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [Microsoft® Windows Update] C:\Users\Sebastian\M-1-52-5782-8752-5245\winsvc.exe File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - Startup: C:\Users\Big Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1000\$RHJG5O9\gamealarm.exe (Europe Support Ltd. N.V.) O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = File not found O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49CE7B4F-4E17-483E-B575-4DC056E702C4}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF88C659-8436-46C3-9445-F2E45C80439A}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a1b95934-0a73-11de-b69e-00040e4eca57}\Shell - "" = AutoRun O33 - MountPoints2\{a1b95934-0a73-11de-b69e-00040e4eca57}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell\AutoRun\command - "" = H:\cdstart.exe O33 - MountPoints2\{d8389e96-0cf1-11df-b9c9-00040e4eca57}\Shell - "" = AutoRun O33 - MountPoints2\{d8389e96-0cf1-11df-b9c9-00040e4eca57}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{e77f108f-ed71-11de-9590-00040e4eca57}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.30 18:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.29 17:09:06 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Roaming\Malwarebytes [2011.12.29 17:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.29 17:09:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.29 17:09:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.29 17:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.12.22 19:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011.12.22 19:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2011.12.19 21:48:20 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Local\Conduit [2011.12.19 21:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\BrotherSoft_Extreme [2011.12.12 18:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011.12.06 22:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kastor Free Vimeo Downloader [2011.12.06 22:02:21 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Roaming\KastorFreeVimeoDownloader [2011.12.06 22:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Kastor Free Vimeo Downloader [2011.12.02 22:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2011.12.02 22:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011.12.02 22:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2010.04.23 17:45:58 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2010.04.23 17:45:58 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2005.11.23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.01 18:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2012.01.01 17:56:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.01.01 17:56:21 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.01.01 17:56:21 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.01.01 17:56:21 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.01.01 17:56:21 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.01.01 17:49:50 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.01 17:49:50 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.01 17:49:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.01 17:49:41 | 3485,802,496 | -HS- | M] () -- C:\hiberfil.sys [2011.12.31 15:44:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2011.12.31 14:33:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2011.12.31 14:24:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.30 21:44:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011.12.29 17:33:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011.12.29 17:09:03 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.29 16:55:20 | 000,414,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.27 21:44:30 | 000,002,637 | ---- | M] () -- C:\Users\Big Boss\Desktop\Microsoft Office Word 2003.lnk [2011.12.27 21:13:08 | 000,000,680 | ---- | M] () -- C:\Users\Big Boss\AppData\Local\d3d9caps.dat [2011.12.12 18:10:19 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.08 14:06:02 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.12.08 13:13:49 | 000,071,168 | ---- | M] () -- C:\Users\Big Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.06 22:02:22 | 000,001,003 | ---- | M] () -- C:\Users\Big Boss\Desktop\Kastor Free Vimeo Downloader.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.30 21:39:26 | 000,001,136 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2011.12.30 21:39:24 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011.12.29 17:09:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.29 16:54:57 | 3485,802,496 | -HS- | C] () -- C:\hiberfil.sys [2011.12.27 21:12:42 | 000,000,680 | ---- | C] () -- C:\Users\Big Boss\AppData\Local\d3d9caps.dat [2011.12.06 22:02:22 | 000,001,003 | ---- | C] () -- C:\Users\Big Boss\Desktop\Kastor Free Vimeo Downloader.lnk [2011.12.02 22:08:45 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2010.07.30 15:07:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010.04.23 17:46:01 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2009.08.02 13:46:27 | 043,419,436 | ---- | C] () -- C:\Windows\System32\Alfamodding Mod Installer Final.exe [2009.08.02 13:46:26 | 019,295,865 | ---- | C] () -- C:\Windows\System32\Alfamodding Fahrzeug Installer Final.exe [2009.07.26 10:20:59 | 000,000,878 | ---- | C] () -- C:\Windows\eReg.dat [2009.06.30 15:40:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.02.18 17:05:06 | 000,000,000 | ---- | C] () -- C:\Users\Big Boss\AppData\Roaming\wklnhst.dat [2009.02.15 16:34:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.02.15 16:34:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009.02.14 17:06:07 | 000,071,168 | ---- | C] () -- C:\Users\Big Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.18 12:31:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.12.10 15:31:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2008.12.10 14:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.12.01 21:46:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.12.01 21:08:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.11.24 18:37:33 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.11.24 18:37:33 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.11.24 18:37:33 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.11.24 18:37:33 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.11.24 10:42:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.11.24 10:42:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.30 15:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.10.21 18:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2008.10.21 18:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,414,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.19 08:07:28 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2004.02.27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2011.10.08 15:42:28 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\.minecraft [2009.04.11 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Blender Foundation [2009.11.29 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\COMPUTERBILD Browser-Optimierer [2011.12.06 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\KastorFreeVimeoDownloader [2010.12.10 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010.04.25 10:00:42 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\ooVoo Details [2009.05.18 13:29:12 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\OpenOffice.org [2010.06.03 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\T-Online [2009.11.01 18:38:01 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Template [2009.02.19 14:18:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\BullGuard [2010.04.23 17:37:25 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\ooVoo Details [2009.05.18 14:23:13 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org [2010.06.09 18:50:34 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\T-Online [2009.06.17 10:28:05 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Template [2011.05.18 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\.minecraft [2009.07.30 15:14:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ACASystems [2009.04.11 19:55:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Blender Foundation [2009.02.18 14:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\BullGuard [2011.03.20 15:40:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Degener [2012.01.01 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DNA [2009.05.16 18:30:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FarmingSimulator2008 [2011.12.19 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GetRightToGo [2011.12.06 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\KastorFreeVimeoDownloader [2010.12.10 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010.04.23 18:36:54 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ooVoo Details [2009.05.18 14:14:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\OpenOffice.org [2010.06.03 17:58:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\T-Online [2011.12.29 17:33:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011.12.31 14:33:00 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2011.12.31 16:09:38 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.01.01 18:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.10.08 15:42:28 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\.minecraft [2009.02.14 18:17:43 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Adobe [2010.03.10 19:26:15 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Apple Computer [2009.02.13 15:33:37 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\ATI [2010.03.25 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Avira [2009.04.11 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Blender Foundation [2009.12.29 15:37:50 | 000,000,000 | R--D | M] -- C:\Users\Big Boss\AppData\Roaming\Brother [2009.11.29 16:16:32 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\COMPUTERBILD Browser-Optimierer [2009.05.20 16:57:02 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Corel [2009.12.23 10:28:37 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\dvdcss [2009.02.14 19:32:57 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Google [2009.02.13 15:33:13 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Identities [2010.04.24 19:12:50 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\InstallShield [2011.12.06 22:02:24 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\KastorFreeVimeoDownloader [2009.02.13 15:32:34 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Macromedia [2011.12.29 17:09:06 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Media Center Programs [2010.12.10 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010.06.07 15:04:18 | 000,000,000 | --SD | M] -- C:\Users\Big Boss\AppData\Roaming\Microsoft [2009.02.15 10:21:26 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Mozilla [2009.07.09 15:44:48 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Nero [2010.04.25 10:00:42 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\ooVoo Details [2009.05.18 13:29:12 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\OpenOffice.org [2010.03.19 15:50:16 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Skype [2010.06.03 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\T-Online [2009.11.01 18:38:01 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Template [2009.09.02 16:10:26 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\U3 [2010.11.04 14:53:38 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\vlc [2009.09.03 15:15:42 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.06.03 16:24:28 | 000,010,134 | R--- | M] () -- C:\Users\Big Boss\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\U3\temp\cleanup.exe [2008.02.25 12:47:34 | 003,489,792 | -H-- | M] (SanDisk Corporation) -- C:\Users\Big Boss\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys [2007.11.01 20:31:44 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:64217CD0 < End of report > |
02.01.2012, 12:52 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL PRC - [2011.10.24 18:41:11 | 019,721,728 | ---- | M] (Europe Support Ltd. N.V.) -- C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1000\$RHJG5O9\gamealarm.exe PRC - [2011.07.14 16:03:43 | 000,491,520 | ---- | M] () -- C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1000\$RHJG5O9\Updater.exe SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2776682 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.selectedEngine: "BrotherSoft Extreme Customized Web Search" [2010.09.21 14:52:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.12.19 21:48:25 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13} [2009.09.02 14:45:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.09.27 16:12:03 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Big Boss\AppData\Roaming\mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398} [2011.12.19 10:29:50 | 000,000,941 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\searchplugins\conduit.xml [2011.12.26 23:18:18 | 000,000,944 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\searchplugins\icqplugin.xml [2009.10.30 19:14:34 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.) O2 - BHO: (ooVoo Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Programme\BrotherSoft_Extreme\prxtbBro0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ooVoo Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Programme\ooVoo_Chat\tbooVo.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [AAK8K3J4FL] C:\Users\Sebastian\AppData\Local\Temp\c.exe File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [BitTorrent DNA] C:\Users\Sebastian\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [Facebook Update] C:\Users\Sebastian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [iexploer.exe] C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [LosAlamos] rundll32.exe C:\Users\SEBAST~1\AppData\Local\Temp\sshnas21.dll,AllocConsoleA File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [Microsoft® Windows Update] C:\Users\Sebastian\M-1-52-5782-8752-5245\winsvc.exe File not found O4 - HKU\S-1-5-21-2541067371-2919722289-1218653975-1001..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Game Alarm.lnk = C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1000\$RHJG5O9\gamealarm.exe (Europe Support Ltd. N.V.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a1b95934-0a73-11de-b69e-00040e4eca57}\Shell - "" = AutoRun O33 - MountPoints2\{a1b95934-0a73-11de-b69e-00040e4eca57}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell\AutoRun\command - "" = H:\cdstart.exe O33 - MountPoints2\{d8389e96-0cf1-11df-b9c9-00040e4eca57}\Shell - "" = AutoRun O33 - MountPoints2\{d8389e96-0cf1-11df-b9c9-00040e4eca57}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{e77f108f-ed71-11de-9590-00040e4eca57}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe [2011.12.02 22:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2011.12.02 22:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2011.12.02 22:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2011.12.12 18:10:19 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.01.01 18:00:01 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DNA @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:64217CD0 :Files C:\$RECYCLE.BIN\S-1-5-21-2541067371-2919722289-1218653975-1000 C:\Program Files\McAfee Security Scan :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
02.01.2012, 18:49 | #9 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Hab das gemacht , Computer ist neugestartet, doch jetzt komm ich nur noch als systemadministrator an den pc , d.h. nur noch in ein Konto und nicht mehr in meines . Zudem hab ich keine Verbindung zum Internet und finde auch das WLAN nicht mehr ! Log kann ich deshalb auch nicht Posten Bitte um Hilfe |
02.01.2012, 21:09 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Abgesicherter Modus zur Bereinigung
__________________ Logfiles bitte immer in CODE-Tags posten |
02.01.2012, 21:51 | #11 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Ja der funktioniert noch bzw durch ihn komm ich wieder rein. Aber ich bekomm keine Internetverbindung , auch nicht im abgesicherten Modus mit netzwerktreibern. Ich finde auch mein WLAN Netz nicht über den pc. |
02.01.2012, 22:26 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Geht die Internetverbindung noch per Netzwerkkabel?
__________________ Logfiles bitte immer in CODE-Tags posten |
02.01.2012, 23:14 | #13 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Kabelverbindung vom Speedport zum pc steckt. Sollte ich vielleicht den Treiber von der cd neu installieren ? Bzw. Ein neues Netzwerk einrichten ? Bei Anmeldung in andere Konten kommt nur "benachrichtigungsdienst für systemereignisse " kann nicht hergestellt werden , daher sich eingeschränkte Benutzer nicht am System anmelden (andere Konten sind standart Benutzer nur das jetzige Konto ist ein administrator) zudem braucht es fast 10 bis ich im Konto bin ! |
02.01.2012, 23:18 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Für den Router brauchst du keinen treiber. Eine funktionierende Netzwerkkarte allein tut es, aber dein Windows steht auf zu wackligen Füßen. Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten: Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.
__________________ Logfiles bitte immer in CODE-Tags posten |
08.01.2012, 18:46 | #15 |
| Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... Nur das rausgekommen : OTL Logfile: Code:
ATTFilter OTL logfile created on: 1/8/2012 6:27:12 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576.17 Gb Total Space | 370.32 Gb Free Space | 64.27% Space Free | Partition Type: NTFS Drive D: | 19.99 Gb Total Space | 9.86 Gb Free Space | 49.31% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2011/08/15 10:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011/07/01 15:48:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/04/29 10:32:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/11/02 03:55:37 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand] -- -- (IpInIp) DRV - [2011/07/01 15:48:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/01 15:48:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/09/23 03:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009/07/03 02:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2009/05/11 03:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/12/01 17:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008/11/11 12:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008/10/03 11:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008/04/28 08:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008/02/14 08:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007/10/11 20:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2007/09/21 03:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2006/10/09 06:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2005/01/31 19:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Big_Boss_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKU\Big_Boss_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\Big_Boss_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\Big_Boss_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKU\Big_Boss_ON_C\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) IE - HKU\Big_Boss_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Big_Boss_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\Carina_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\Carina_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363 IE - HKU\Carina_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Carina_ON_C\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - Reg Error: Key error. File not found IE - HKU\Carina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Carina_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\Sebastian_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\Sebastian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Sebastian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AOL Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50-ff-winamp-chromesbox-en-us&tb_uuid=20120101195129925&tb_oid=02-01-2012&tb_mrud=02-01-2012&query=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.18.1 FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&invocationType=tb50-ff-winamp-ab-en-us&tb_uuid=20120101195129925&tb_oid=02-01-2012&tb_mrud=02-01-2012&query=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/31 08:23:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/01 14:51:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2009/02/15 04:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Extensions [2012/01/02 12:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\extensions [2012/01/01 14:51:39 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2012/01/02 12:20:05 | 000,002,354 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Mozilla\Firefox\Profiles\fwpm02t9.default\searchplugins\aol-web-search.xml [2012/01/02 12:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/05/06 09:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/10/30 10:59:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/07/20 05:32:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/10/09 05:46:10 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll [2011/12/09 12:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011/12/29 10:58:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/12/29 10:58:15 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/12/29 10:58:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/12/29 10:58:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/12/29 10:58:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/01/02 12:13:18 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKU\Carina_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\Carina_ON_C..\Run: [BullGuard] File not found O4 - HKU\Carina_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\Carina_ON_C..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\Carina_ON_C..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC) O4 - HKU\Carina_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKU\LocalService_ON_C..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\Sebastian_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\Sebastian_ON_C..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - Startup: C:\Users\Big Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = File not found O7 - HKU\Big_Boss_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Big_Boss_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\Big_Boss_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\Carina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Carina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\Carina_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O7 - HKU\Sebastian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Sebastian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\Sebastian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d6072dc9-f9d8-11dd-8939-806e6f6e6963}\Shell\AutoRun\command - "" = H:\reatogoMenu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/02 12:08:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012/01/01 14:52:36 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Winamp [2012/01/01 14:52:15 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2012/01/01 14:51:40 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2012/01/01 14:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect [2012/01/01 14:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Toolbar [2012/01/01 14:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility [2012/01/01 14:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine [2012/01/01 14:51:10 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Roaming\Winamp [2012/01/01 14:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp [2011/12/30 15:40:28 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011/12/30 12:50:46 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Neuer Ordner (2) [2011/12/30 12:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/29 11:09:06 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Roaming\Malwarebytes [2011/12/29 11:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/29 11:09:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/12/29 11:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/12/22 13:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011/12/22 13:39:44 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi [2011/12/19 15:48:20 | 000,000,000 | ---D | C] -- C:\Users\Big Boss\AppData\Local\Conduit [2011/12/19 15:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\BrotherSoft_Extreme [2011/12/19 15:47:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\GetRightToGo [2011/12/19 15:47:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\Downloads [2011/12/12 12:10:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2010/04/23 11:45:58 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2010/04/23 11:45:58 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2007/03/12 04:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2005/11/23 05:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll ========== Files - Modified Within 30 Days ========== [2012/01/08 12:14:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/08 12:14:32 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/08 12:14:32 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/08 12:07:57 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/01/08 12:07:56 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/01/08 12:07:56 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/01/08 12:07:56 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/01/08 11:58:59 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys [2012/01/07 12:47:50 | 000,414,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/01/02 15:46:09 | 000,000,680 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat [2012/01/02 12:13:18 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012/01/02 12:10:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2012/01/02 12:02:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/01/01 19:24:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/01/01 18:44:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2012/01/01 17:33:01 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2012/01/01 15:44:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2012/01/01 14:52:15 | 000,000,804 | ---- | M] () -- C:\Users\Big Boss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk [2012/01/01 14:52:15 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk [2011/12/30 15:40:30 | 000,002,106 | ---- | M] () -- C:\Users\Sebastian\Desktop\Google Chrome.lnk [2011/12/30 15:40:30 | 000,002,068 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/12/29 11:33:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011/12/29 11:09:03 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011/12/29 11:09:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/27 17:01:52 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2011/12/27 15:44:30 | 000,002,637 | ---- | M] () -- C:\Users\Big Boss\Desktop\Microsoft Office Word 2003.lnk [2011/12/27 15:13:08 | 000,000,680 | ---- | M] () -- C:\Users\Big Boss\AppData\Local\d3d9caps.dat [2011/12/26 16:43:50 | 000,000,000 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\{12CB1420-FE24-40EE-B8F7-3CB28D3E7F19} [2011/12/22 13:39:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2011/12/12 12:10:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011/12/10 09:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/01/07 12:47:37 | 3487,883,264 | -HS- | C] () -- C:\hiberfil.sys [2012/01/01 14:52:15 | 000,000,804 | ---- | C] () -- C:\Users\Big Boss\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk [2012/01/01 14:52:15 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk [2011/12/30 15:40:30 | 000,002,106 | ---- | C] () -- C:\Users\Sebastian\Desktop\Google Chrome.lnk [2011/12/30 15:40:30 | 000,002,068 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/12/30 15:39:26 | 000,001,136 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2011/12/30 15:39:24 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2011/12/29 11:09:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011/12/27 15:12:42 | 000,000,680 | ---- | C] () -- C:\Users\Big Boss\AppData\Local\d3d9caps.dat [2011/12/26 16:43:50 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\{12CB1420-FE24-40EE-B8F7-3CB28D3E7F19} [2011/10/07 09:13:09 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\chrtmp [2010/10/09 05:36:10 | 000,000,680 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat [2010/07/30 09:07:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2010/04/23 11:46:01 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2010/03/05 14:36:56 | 000,000,042 | ---- | C] () -- C:\Users\Sebastian\AppData\default.pls [2009/08/02 07:46:27 | 043,419,436 | ---- | C] () -- C:\Windows\System32\Alfamodding Mod Installer Final.exe [2009/08/02 07:46:26 | 019,295,865 | ---- | C] () -- C:\Windows\System32\Alfamodding Fahrzeug Installer Final.exe [2009/07/31 05:34:01 | 000,004,096 | -H-- | C] () -- C:\Users\Sebastian\AppData\Local\keyfile3.drm [2009/07/26 04:20:59 | 000,000,878 | ---- | C] () -- C:\Windows\eReg.dat [2009/07/15 09:47:22 | 000,011,776 | ---- | C] () -- C:\Users\Carina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/06/30 09:40:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009/06/17 04:28:04 | 000,000,128 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\wklnhst.dat [2009/02/23 15:37:48 | 000,101,888 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/02/18 11:05:06 | 000,000,000 | ---- | C] () -- C:\Users\Big Boss\AppData\Roaming\wklnhst.dat [2009/02/15 10:34:47 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009/02/15 10:34:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2009/02/14 11:06:07 | 000,071,168 | ---- | C] () -- C:\Users\Big Boss\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/12/18 06:31:13 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008/12/10 09:31:50 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2008/12/10 08:55:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008/12/01 15:46:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008/12/01 15:08:38 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008/11/24 12:37:33 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008/11/24 12:37:33 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008/11/24 12:37:33 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008/11/24 12:37:33 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008/11/24 04:42:24 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008/11/24 04:42:24 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/10/30 09:45:42 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008/10/21 12:40:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2008/10/21 12:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,414,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006/09/19 02:07:28 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2004/02/27 09:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2003/02/20 10:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2011/10/08 09:42:28 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\.minecraft [2009/04/11 13:54:44 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Blender Foundation [2009/11/29 10:16:32 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\COMPUTERBILD Browser-Optimierer [2011/12/06 16:02:24 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\KastorFreeVimeoDownloader [2010/12/10 11:41:09 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010/04/25 04:00:42 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\ooVoo Details [2009/05/18 07:29:12 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\OpenOffice.org [2010/06/03 10:22:03 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\T-Online [2009/11/01 12:38:01 | 000,000,000 | ---D | M] -- C:\Users\Big Boss\AppData\Roaming\Template [2009/02/19 08:18:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\BullGuard [2010/04/23 11:37:25 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\ooVoo Details [2009/05/18 08:23:13 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org [2010/06/09 12:50:34 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\T-Online [2009/06/17 04:28:05 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Template [2011/05/18 13:07:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\.minecraft [2009/07/30 09:14:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ACASystems [2009/04/11 13:55:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Blender Foundation [2009/02/18 08:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\BullGuard [2011/03/20 09:40:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Degener [2009/05/16 12:30:14 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FarmingSimulator2008 [2011/12/19 15:49:29 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GetRightToGo [2011/12/06 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\KastorFreeVimeoDownloader [2010/12/10 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien [2010/04/23 12:36:54 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\ooVoo Details [2009/05/18 08:14:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\OpenOffice.org [2010/06/03 11:58:24 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\T-Online [2011/12/29 11:33:00 | 000,001,132 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001Core.job [2012/01/01 17:33:01 | 000,001,154 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2541067371-2919722289-1218653975-1001UA.job [2012/01/02 12:13:30 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/01/02 12:10:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Sebastian\Documents\VideoDJ max.mp4:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Sebastian\Documents\Clip121.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Sebastian\Documents\Clip1111.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Sebastian\Documents\Clip0002.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Sebastian\Documents\Clip0001.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Sebastian\Documents\Billy Talent - Red Flag.mp3:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Sebastian\Documents\104-timbaland-the_way_i_are_(feat_keri_hilson_and_d.o.e.).mp3:TOC.WMV < End of report > |
Themen zu Aus Sicherheitsgründen wurde ihr Windowssystem blockiert... |
0x00000001, 50€ bezahlen, alternate, antivir, avira, bho, bildschirm, bonjour, c:\windows\system32\rundll32.exe, conduit, defender, desktop, error, excel, excel.exe, firefox, format, google earth, helper, home, install.exe, intranet, logfile, microsoft office word, nvstor.sys, plug-in, problem, realtek, recycle.bin, registry, required, rundll, scan, sched.exe, schwarze bildschirm, security, security scan, sketchup, software, svchost.exe, udp, usb, version=1.0, vista, wurde ihr |