| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windowssystem gesperrt! Aus Sicherheitsgründen ...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
28.02.2012, 00:41
| #1 |
| |  Windowssystem gesperrt! Aus Sicherheitsgründen ... Hallo, auch mich hat dieser 50 Euro Trojaner erwischt. Ich bin bei sowas sehr unerfahren und habe mir nur aus den anderen Posts herausgelesen, dass ich mich im abgesicherten Modus anmelden soll und dieses OTL runterladen soll. Nun wollt ich nochmal um eine einfache Anweisung bitten, was ich nun tun soll. Ich habe auch gelesen, dass man hier diese Logs posten soll, aber Frauen und Technik ist zumindest in meinem Fall keine gute Kombination (ich glaube mein Rechner hat auch noch ein anderes Problem) und von daher bin da eher leicht überfordert. Ich danke schonmal für die Hilfe. |
|
28.02.2012, 07:39
| #2 |
  | Windowssystem gesperrt! Aus Sicherheitsgründen ... Halll,
__________________probieren wir mal die einfache Variante... Beim Booten des Rechners F8 drücken, abgesicherter Modus mit Netzwerkanbindung auswählen. Wenn das geht wie folgt verfahren (by the way, was für ein Rechner (Betriebssystem etc.) ist das denn?): OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris
__________________ |
|
28.02.2012, 17:03
| #3 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Abgesicherter Modus funktioniert. Auch der normale Modus ab und zu. Manchmal wird die "Warunung" sofort nach dem anmelden angezeigt, manchmal erst nach mehreren Minuten (10, 15 Minuten). Habe mich aber jetzt mit dem abgesicherten Modus angemeldet.
__________________Betriebssystem ist Windows 7 Home Premium Intel(R) Core(TM) i3 CPU M 350 @2.27 GHz 2.26 GHz (reicht das an Infos?) Hoffe es ist alles richtig (der Username ist natürlich nicht mein richtiger Name). Hier die Logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/28/2012 4:53:47 PM - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Maria\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.85 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 79.39% Memory free 7.71 Gb Paging File | 6.96 Gb Available in Paging File | 90.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 179.00 Gb Total Space | 26.76 Gb Free Space | 14.95% Space Free | Partition Type: NTFS Drive D: | 266.66 Gb Total Space | 266.09 Gb Free Space | 99.79% Space Free | Partition Type: NTFS Computer Name: MARIKASTL | User Name: Maria | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Maria\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ezGOSvc) -- C:\Windows\SysWOW64\ezGOSvc.dll () SRV - (FSORSPClient) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FSMA) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Rezip) -- C:\Windows\SysWOW64\Rezip.exe () SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys () DRV - (F-Secure HIPS) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (fsvista) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012/02/17 13:25:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 21:00:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/24 18:35:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 21:00:40 | 000,000,000 | ---D | M] [2011/06/19 21:59:43 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012/02/24 18:33:53 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Maria\AppData\Roaming\toolplugin\toolbar.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Maria\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [SkypeM] C:\Users\Maria\AppData\Local\Skype\Skype.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F9F901C-C935-4A66-BFB9-4948610E056C}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B392774D-873C-4088-A5C4-50BFE6380FFC}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c513cae5-ab2f-11e0-adf3-002454bac2c4}\Shell - "" = AutoRun O33 - MountPoints2\{c513cae5-ab2f-11e0-adf3-002454bac2c4}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{c513cae5-ab2f-11e0-adf3-002454bac2c4}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{c513cae5-ab2f-11e0-adf3-002454bac2c4}\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/28 00:10:54 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe [2012/02/28 00:06:02 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\ElevatedDiagnostics [2012/02/27 22:24:59 | 002,007,072 | ---- | C] (Piston Software ) -- C:\Users\Maria\Desktop\mp3joiner_setup.exe [2012/02/27 22:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2012/02/27 22:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012/02/27 22:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip [2012/02/27 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\once _2 [2012/02/27 21:42:09 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\once [2012/02/25 13:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom [2012/02/25 13:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameHouse [2012/02/25 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\Delicious Deluxe 2 [2012/02/25 12:37:09 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\CardBoard Castle [2012/02/25 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Funlinker [2012/02/25 00:44:02 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\MagicIndie [2012/02/25 00:42:55 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\ThFo [2012/02/24 23:21:52 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2012/02/24 23:21:52 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2012/02/24 23:21:52 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2012/02/24 23:21:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2012/02/24 23:21:51 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2012/02/24 23:21:51 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2012/02/24 23:21:49 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2012/02/24 23:21:49 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2012/02/24 23:21:47 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2012/02/24 23:21:47 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2012/02/24 23:21:46 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2012/02/24 23:21:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2012/02/24 23:21:45 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2012/02/24 23:21:45 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2012/02/24 23:21:43 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2012/02/24 23:21:43 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2012/02/24 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\toolplugin [2012/02/24 00:48:41 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\aimp_3.00.981 [2012/02/16 11:37:27 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012/02/16 11:37:11 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012/02/16 11:37:11 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012/02/16 11:37:04 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012/02/16 11:36:26 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/02/16 11:36:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/16 11:36:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/16 11:36:24 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/16 11:36:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/16 11:36:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/16 11:36:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/09 12:58:52 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\pdfforge [2012/02/09 12:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012/02/09 12:58:49 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012/02/09 12:58:47 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012/02/09 12:58:47 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012/02/09 12:58:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012/02/09 12:58:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012/02/09 12:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012/02/09 12:56:48 | 018,590,304 | ---- | C] (pdfforge GbR) -- C:\Users\Maria\Desktop\PDFCreator-1_2_3_setup.exe [2012/02/09 12:48:19 | 001,332,736 | ---- | C] (PDF Desk Informatique) -- C:\Windows\WinPDF.exe [2012/02/09 12:09:17 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\PDFCreator [2012/02/09 11:51:48 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\UploadedFile_129732582456093750 [2012/02/09 11:47:12 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\UDC Profiles [2012/02/09 11:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Document Converter [2012/02/09 11:44:56 | 000,030,656 | ---- | C] (fCoder Group, Inc.) -- C:\Windows\SysNative\udcpm.dll [2012/02/09 11:44:56 | 000,000,000 | R--D | C] -- C:\Users\Maria\Documents\UDC Output Files [2012/02/09 11:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Universal Document Converter [2012/02/07 13:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeeGT-Games [2012/02/07 13:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn 3 - Gefaehrliche Schatten Sammleredition [2012/02/06 19:57:25 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\Dr2DaFl [2012/02/06 17:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012/02/06 17:33:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012/02/06 17:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012/02/06 17:31:17 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012/02/06 16:55:58 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\bewerbung [2012/02/05 20:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom [2012/02/05 19:13:33 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Flucht aus der Dunkelheit Sammleredition [2012/02/05 19:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Flucht aus der Dunkelheit Sammleredition [2012/02/05 19:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drawn - Flucht aus der Dunkelheit Sammleredition [2012/02/05 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\PlayPond [2012/02/05 02:10:49 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\ScummVM_-_VideoAnleitung [2012/02/04 23:04:41 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\George2 [2012/02/04 22:03:47 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\VendelGAMES [2012/02/04 22:03:23 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\LoChDeFlSa [2012/02/04 18:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sweet Animals [2012/02/04 18:58:16 | 000,000,000 | ---D | C] -- C:\Programme [2012/02/04 18:56:59 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\MeTi [2012/02/04 15:22:09 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\GamersDigital [2012/02/04 15:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\GamersDigital [2012/02/04 15:20:54 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\ReCrJathRi [2012/02/01 20:28:04 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\ERS Game Studios [1 C:\Users\Maria\Documents\*.tmp files -> C:\Users\Maria\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/28 16:34:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/28 16:34:05 | 4137,803,776 | -HS- | M] () -- C:\hiberfil.sys [2012/02/28 00:10:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe [2012/02/27 23:59:33 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/27 23:59:33 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/27 23:15:42 | 000,449,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/02/27 22:47:29 | 000,337,264 | ---- | M] () -- C:\Users\Maria\Desktop\relink.us__129.Walt.Disney.Zeichentrickfilme.German.1937-2010.DVDRiP.XviD-iNTERNAL_5403d0f39c59a936a4b0ef915db3a9.dlc [2012/02/27 22:25:09 | 002,007,072 | ---- | M] (Piston Software ) -- C:\Users\Maria\Desktop\mp3joiner_setup.exe [2012/02/27 22:18:25 | 027,065,344 | ---- | M] () -- C:\Users\Maria\Desktop\wz160-32gev.msi [2012/02/27 21:34:24 | 004,511,888 | ---- | M] () -- C:\Users\Maria\Desktop\disturbed - down with the sickness.mp3 [2012/02/25 13:22:19 | 023,558,697 | ---- | M] () -- C:\Users\Maria\Desktop\Delicious Deluxe 2.rar [2012/02/25 13:18:56 | 010,752,000 | ---- | M] () -- C:\Users\Maria\Desktop\Delicious.rar [2012/02/25 12:00:05 | 064,811,400 | ---- | M] () -- C:\Users\Maria\Desktop\Cardboard Castle.rar [2012/02/25 01:24:37 | 198,590,042 | ---- | M] () -- C:\Users\Maria\Desktop\Celtic Myths - Das Vermächtnis der Kelten.rar [2012/02/25 00:29:14 | 277,592,327 | ---- | M] () -- C:\Users\Maria\Desktop\ThFo.rar [2012/02/24 23:22:47 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2012/02/24 18:35:38 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2012/02/24 18:35:38 | 000,001,571 | ---- | M] () -- C:\Users\Maria\Desktop\DivX Movies.lnk [2012/02/24 18:35:27 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2012/02/24 18:15:14 | 001,700,356 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/24 18:15:14 | 000,719,678 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/02/24 18:15:14 | 000,672,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/24 18:15:14 | 000,159,052 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/02/24 18:15:14 | 000,130,668 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/24 00:48:32 | 006,934,628 | ---- | M] () -- C:\Users\Maria\Desktop\aimp_3.00.981.zip [2012/02/17 13:20:47 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012/02/16 13:16:17 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012/02/16 13:16:17 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012/02/16 13:15:12 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012/02/16 13:12:50 | 000,702,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/02/16 13:12:50 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/16 13:12:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/16 13:12:50 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/16 13:12:50 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/16 13:12:50 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/16 13:12:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/09 12:58:52 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012/02/09 12:56:53 | 018,590,304 | ---- | M] (pdfforge GbR) -- C:\Users\Maria\Desktop\PDFCreator-1_2_3_setup.exe [2012/02/09 12:48:19 | 000,000,740 | ---- | M] () -- C:\Users\Maria\Desktop\WinPDF.lnk [2012/02/09 12:08:18 | 013,853,991 | ---- | M] () -- C:\Users\Maria\Desktop\PDFCreator.rar [2012/02/09 11:51:23 | 000,049,625 | ---- | M] () -- C:\Users\Maria\Desktop\UploadedFile_129732582456093750.zip [2012/02/09 11:50:48 | 000,061,314 | ---- | M] () -- C:\Users\Maria\Desktop\uploadedfile_129732582456093750-001.jpg [2012/02/09 11:45:02 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\UDC Output Files.lnk [2012/02/07 13:56:22 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Drawn 3 - ACTIVATION KEY.lnk [2012/02/07 13:56:22 | 000,001,355 | ---- | M] () -- C:\Users\Public\Desktop\Drawn 3 - Gefaehrliche Schatten Sammleredition.lnk [2012/02/07 13:24:15 | 000,130,872 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_9_1680x1050.jpg [2012/02/07 13:24:08 | 000,097,479 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_7_1680x1050.jpg [2012/02/07 13:24:01 | 000,171,802 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_6_1680x1050.jpg [2012/02/07 13:23:53 | 000,190,113 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_5_1680x1050.jpg [2012/02/07 13:23:41 | 000,199,061 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_3_1680x1050.jpg [2012/02/07 13:23:35 | 000,123,294 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_2_1680x1050.jpg [2012/02/07 13:23:25 | 000,155,045 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_1_1680x1050.jpg [2012/02/07 13:23:08 | 000,249,483 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_0_1680x1050.jpg [2012/02/07 13:21:44 | 000,268,457 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_8_1680x1050.jpg [2012/02/07 02:55:47 | 076,991,795 | ---- | M] () -- C:\Users\Maria\Desktop\lebendkrisen_meistern.rar [2012/02/07 02:52:32 | 083,101,051 | ---- | M] () -- C:\Users\Maria\Desktop\leichter_lernen.rar [2012/02/06 19:49:02 | 520,202,051 | ---- | M] () -- C:\Users\Maria\Desktop\Dr2DaFl.rar [2012/02/06 17:27:23 | 000,000,431 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.sfv [2012/02/06 17:25:40 | 010,956,360 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part4.rar [2012/02/06 17:24:55 | 100,000,000 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part3.rar [2012/02/06 17:21:30 | 100,000,000 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part2.rar [2012/02/06 17:14:23 | 100,000,000 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part1.rar [2012/02/05 22:19:08 | 000,012,009 | ---- | M] () -- C:\Users\Maria\Desktop\MyLe3BeanthBeSA.rar [2012/02/05 20:51:01 | 000,000,922 | ---- | M] () -- C:\Users\Maria\Desktop\Delicious - Emily's Tea Garden.lnk [2012/02/05 00:35:42 | 002,542,082 | ---- | M] () -- C:\Users\Maria\Desktop\ScummVM-0.11.0-win32.rar [2012/02/05 00:35:16 | 002,039,420 | ---- | M] () -- C:\Users\Maria\Desktop\ScummVM_-_VideoAnleitung.rar [2012/02/04 23:19:56 | 063,930,956 | ---- | M] () -- C:\Users\Maria\Desktop\George2.part3.rar [2012/02/04 23:07:46 | 104,857,600 | ---- | M] () -- C:\Users\Maria\Desktop\George2.part2.rar [2012/02/04 22:06:15 | 104,857,600 | ---- | M] () -- C:\Users\Maria\Desktop\George2.part1.rar [2012/02/04 21:45:37 | 000,012,016 | ---- | M] () -- C:\Users\Maria\Desktop\BaFl2DeSpdeFi.part2.rar [2012/02/04 19:21:25 | 284,629,809 | ---- | M] () -- C:\Users\Maria\Desktop\LoChDeFlSa.rar [2012/02/04 17:54:07 | 440,401,920 | ---- | M] () -- C:\Users\Maria\Desktop\BaFl2DeSpdeFi.part1.rar [2012/02/04 15:36:02 | 273,455,781 | ---- | M] () -- C:\Users\Maria\Desktop\MeTi.rar [2012/02/04 15:20:38 | 178,850,691 | ---- | M] () -- C:\Users\Maria\Desktop\ReCrJathRi.rar [2012/02/02 19:30:48 | 000,010,575 | ---- | M] () -- C:\Users\Maria\Documents\gäste.odt [2012/02/02 19:23:05 | 000,011,993 | ---- | M] () -- C:\Users\Maria\Desktop\HaHa2KiSA.rar [1 C:\Users\Maria\Documents\*.tmp files -> C:\Users\Maria\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/27 23:15:25 | 000,449,976 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/02/27 22:47:29 | 000,337,264 | ---- | C] () -- C:\Users\Maria\Desktop\relink.us__129.Walt.Disney.Zeichentrickfilme.German.1937-2010.DVDRiP.XviD-iNTERNAL_5403d0f39c59a936a4b0ef915db3a9.dlc [2012/02/27 22:18:18 | 027,065,344 | ---- | C] () -- C:\Users\Maria\Desktop\wz160-32gev.msi [2012/02/27 21:34:03 | 004,511,888 | ---- | C] () -- C:\Users\Maria\Desktop\disturbed - down with the sickness.mp3 [2012/02/25 13:20:11 | 023,558,697 | ---- | C] () -- C:\Users\Maria\Desktop\Delicious Deluxe 2.rar [2012/02/25 13:18:56 | 010,752,000 | ---- | C] () -- C:\Users\Maria\Desktop\Delicious.rar [2012/02/25 11:44:04 | 064,811,400 | ---- | C] () -- C:\Users\Maria\Desktop\Cardboard Castle.rar [2012/02/25 00:45:32 | 198,590,042 | ---- | C] () -- C:\Users\Maria\Desktop\Celtic Myths - Das Vermächtnis der Kelten.rar [2012/02/24 23:22:47 | 000,001,282 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2012/02/24 23:20:29 | 277,592,327 | ---- | C] () -- C:\Users\Maria\Desktop\ThFo.rar [2012/02/24 00:48:30 | 006,934,628 | ---- | C] () -- C:\Users\Maria\Desktop\aimp_3.00.981.zip [2012/02/09 12:58:52 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012/02/09 12:58:49 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2012/02/09 12:48:19 | 000,000,740 | ---- | C] () -- C:\Users\Maria\Desktop\WinPDF.lnk [2012/02/09 12:07:07 | 013,853,991 | ---- | C] () -- C:\Users\Maria\Desktop\PDFCreator.rar [2012/02/09 11:51:40 | 000,061,314 | ---- | C] () -- C:\Users\Maria\Desktop\uploadedfile_129732582456093750-001.jpg [2012/02/09 11:51:23 | 000,049,625 | ---- | C] () -- C:\Users\Maria\Desktop\UploadedFile_129732582456093750.zip [2012/02/09 11:45:02 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\UDC Output Files.lnk [2012/02/07 13:56:22 | 000,002,338 | ---- | C] () -- C:\Users\Public\Desktop\Drawn 3 - ACTIVATION KEY.lnk [2012/02/07 13:56:22 | 000,001,355 | ---- | C] () -- C:\Users\Public\Desktop\Drawn 3 - Gefaehrliche Schatten Sammleredition.lnk [2012/02/07 13:24:15 | 000,130,872 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_9_1680x1050.jpg [2012/02/07 13:24:08 | 000,097,479 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_7_1680x1050.jpg [2012/02/07 13:24:01 | 000,171,802 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_6_1680x1050.jpg [2012/02/07 13:23:53 | 000,190,113 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_5_1680x1050.jpg [2012/02/07 13:23:41 | 000,199,061 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_3_1680x1050.jpg [2012/02/07 13:23:35 | 000,123,294 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_2_1680x1050.jpg [2012/02/07 13:23:25 | 000,155,045 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_1_1680x1050.jpg [2012/02/07 13:23:08 | 000,249,483 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_0_1680x1050.jpg [2012/02/07 13:21:44 | 000,268,457 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_8_1680x1050.jpg [2012/02/07 02:54:49 | 076,991,795 | ---- | C] () -- C:\Users\Maria\Desktop\lebendkrisen_meistern.rar [2012/02/07 02:51:46 | 083,101,051 | ---- | C] () -- C:\Users\Maria\Desktop\leichter_lernen.rar [2012/02/06 17:27:23 | 000,000,431 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.sfv [2012/02/06 17:25:20 | 010,956,360 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part4.rar [2012/02/06 17:21:59 | 100,000,000 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part3.rar [2012/02/06 17:14:46 | 100,000,000 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part2.rar [2012/02/06 17:08:17 | 100,000,000 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part1.rar [2012/02/05 20:51:01 | 000,000,922 | ---- | C] () -- C:\Users\Maria\Desktop\Delicious - Emily's Tea Garden.lnk [2012/02/05 19:49:16 | 520,202,051 | ---- | C] () -- C:\Users\Maria\Desktop\Dr2DaFl.rar [2012/02/05 18:06:54 | 000,012,009 | ---- | C] () -- C:\Users\Maria\Desktop\MyLe3BeanthBeSA.rar [2012/02/05 00:35:42 | 002,542,082 | ---- | C] () -- C:\Users\Maria\Desktop\ScummVM-0.11.0-win32.rar [2012/02/05 00:35:12 | 002,039,420 | ---- | C] () -- C:\Users\Maria\Desktop\ScummVM_-_VideoAnleitung.rar [2012/02/04 23:18:35 | 063,930,956 | ---- | C] () -- C:\Users\Maria\Desktop\George2.part3.rar [2012/02/04 23:05:03 | 104,857,600 | ---- | C] () -- C:\Users\Maria\Desktop\George2.part2.rar [2012/02/04 22:02:56 | 104,857,600 | ---- | C] () -- C:\Users\Maria\Desktop\George2.part1.rar [2012/02/04 19:05:44 | 284,629,809 | ---- | C] () -- C:\Users\Maria\Desktop\LoChDeFlSa.rar [2012/02/04 18:55:48 | 000,012,016 | ---- | C] () -- C:\Users\Maria\Desktop\BaFl2DeSpdeFi.part2.rar [2012/02/04 15:29:19 | 440,401,920 | ---- | C] () -- C:\Users\Maria\Desktop\BaFl2DeSpdeFi.part1.rar [2012/02/04 15:26:49 | 273,455,781 | ---- | C] () -- C:\Users\Maria\Desktop\MeTi.rar [2012/02/04 15:14:25 | 178,850,691 | ---- | C] () -- C:\Users\Maria\Desktop\ReCrJathRi.rar [2012/02/02 19:30:41 | 000,010,575 | ---- | C] () -- C:\Users\Maria\Documents\gäste.odt [2012/02/01 21:01:41 | 000,011,993 | ---- | C] () -- C:\Users\Maria\Desktop\HaHa2KiSA.rar [2012/01/19 16:14:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{561A55DE-9996-46FD-9D2A-9B66C1B9041F} [2012/01/16 20:35:00 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{87003652-7EC0-4D84-A15F-D72A294F86D4} [2012/01/14 15:11:05 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{48E71456-77DA-4C1D-BF93-6661BB568CA1} [2012/01/14 14:41:39 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{76A9F272-35BA-45D8-9ACA-6F24C8D59121} [2012/01/09 19:13:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{7B279821-AD17-4D7F-B955-FCDB6823D95E} [2012/01/05 20:53:57 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{6834190C-C317-45F3-B175-C69773841907} [2012/01/05 19:58:48 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{03C996F7-A4AA-4E74-83EF-27982784496F} [2012/01/05 17:34:29 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{74D7C3BB-CF21-4B03-AD5C-00089F4A5A86} [2011/12/27 20:10:15 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{40EB7C3D-7B30-420D-B040-CAF418EFE090} [2011/12/24 14:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{BEFC8434-50EB-4178-88B3-AB23164B3FA6} [2011/12/23 15:18:01 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{3F85145E-6521-49E8-9BBE-3376949FF831} [2011/12/22 18:50:57 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{917AADC5-7BB1-47C6-8067-1A2CF87C8B51} [2011/12/16 20:17:27 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{AAC92F2E-90ED-48B4-B296-F52A2C7A1E13} [2011/12/09 19:11:22 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{7C83D700-1DDB-44F5-8F63-C12267D943C7} [2011/12/09 11:57:52 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{E6BEF195-F68B-40FB-AF32-8CB8CFF0D7D7} [2011/12/08 18:32:55 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{2E1C8CB8-6FB3-436D-B4C5-2E4D639CB462} [2011/12/08 13:12:59 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F5C1CBA5-5446-4A46-9085-6CA2E85DB82F} [2011/12/07 21:06:29 | 000,000,093 | ---- | C] () -- C:\Users\Maria\AppData\Local\fusioncache.dat [2011/12/05 14:07:56 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{1870572E-CB84-4B84-853B-AA7F400A52C0} [2011/12/03 15:32:47 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{AB0AD18A-D21F-49E5-9AD9-D100149E1BA5} [2011/12/01 15:04:46 | 000,000,811 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat [2011/11/28 17:38:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{5F2AE7BD-2641-4622-9517-D3F67ABD3AE6} [2011/11/28 11:37:27 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F567547E-2B43-4721-AAFA-D90C75BC316F} [2011/11/19 03:20:03 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{7BBFDF60-C0C6-4761-AA04-A1EAF7CF4D69} [2011/11/13 17:02:21 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{2F846908-48BD-4AA6-9847-859A58FE721B} [2011/11/13 11:50:26 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{ED7667AB-1A0B-45C5-81F7-B4494AE3BD95} [2011/11/12 12:31:00 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{30773744-0D84-4750-8682-76A0F5B4C721} [2011/11/10 17:08:52 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011/11/10 17:08:52 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011/11/10 17:08:49 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011/11/10 17:00:53 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{3887F7B4-1EB9-4885-9302-F421F103ED36} [2011/11/09 18:18:10 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{39E99E25-4609-41AE-86CE-C6DB914E4BB1} [2011/11/08 15:37:24 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{E4A59500-57E8-4DEF-9FF0-C8C7A578CBDC} [2011/11/07 21:16:36 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{B9F65347-3F47-4D39-BE51-AA57A20F5BAC} [2011/11/06 18:27:26 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F0D6B26F-1C97-4859-AF6B-C0AC0FE0EA86} [2011/11/06 10:53:08 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{CAB2A007-F08C-495B-BA9E-8ED42DAEBF42} [2011/11/05 14:25:33 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{98689278-D613-4E8E-88C8-0DFADDDB3653} [2011/11/04 16:57:33 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{39BCAD41-F636-4ED3-842C-FA9D4BFDF227} [2011/11/02 18:41:04 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{D4B38819-2F59-4A20-B3D7-24DECCDBBD00} [2011/11/02 17:36:16 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{4092A7B5-35D8-45C9-93FD-37BCFF31347F} [2011/10/29 20:55:41 | 000,188,434 | ---- | C] () -- C:\Windows\hpoins28.dat.temp [2011/10/29 20:55:41 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp [2011/10/28 18:49:50 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{C419438A-EB87-46C2-B5E7-87DBFE5CF831} [2011/10/27 16:18:05 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{D12E2D09-D337-4C92-8E3F-381C48062D36} [2011/10/20 15:00:42 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{FBC9B9BF-3D96-42B5-A6B8-70CFEAAFF71A} [2011/10/19 17:13:36 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{6DF9E5B0-1328-4FD6-BA2E-9B77BF1CD135} [2011/10/18 18:44:28 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{137D1CF9-7387-4F11-A7C9-17FA3C3A85CA} [2011/09/21 20:14:18 | 000,181,993 | ---- | C] () -- C:\Windows\hpoins28.dat [2011/09/21 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{0D6524CE-A85B-4AF3-9120-ADD3C0D734BF} [2011/09/16 17:53:25 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{C63E0AFF-483D-48B1-9134-B2B57D81FF29} [2011/09/07 05:45:58 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F9068E9A-77E4-4F34-8C13-627FFBF7DFC2} [2011/09/06 18:50:00 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{14ED1CA6-A1C2-4B19-8D01-1637840B0663} [2011/09/04 13:42:01 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{2AC3D20F-143C-4262-A31C-ADAC5ED5B80D} [2011/09/04 09:55:01 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{40D5E966-18D8-46FE-AC1E-0BD65F48C235} [2011/08/28 13:46:04 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{3CFA64FA-2036-4F22-97AA-A814CE52113D} [2011/08/26 18:39:46 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{20C9F838-FBA2-4DAF-BF0F-DF46CB4404C2} [2011/08/24 18:38:57 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{2C258727-03EA-4C45-8FDC-0B651FBF4F90} [2011/08/24 12:51:58 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{08F042FD-F4D6-409B-B9D5-45CF901A6173} [2011/08/23 22:08:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{DA70D06B-9A87-4D84-9015-2F1CECE6F36C} [2011/08/23 19:05:16 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{18ABCE63-452A-4BFA-95A5-2EDB9556C34C} [2011/08/23 14:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{342F4B8D-3635-4772-A3A4-4C3B8A2AC59E} [2011/08/23 13:59:04 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{B03351A1-2100-4C6A-8C70-623C2FAE5B50} [2011/08/22 19:13:18 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{BA30288B-7B2C-4A8C-8722-C090A3FCAD81} [2011/08/20 13:12:02 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{0C14257C-A016-4606-BC63-102CDC02CB70} [2011/08/19 18:21:25 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{71F0FF9F-FD7D-4215-A827-416EAA851D51} [2011/08/16 18:07:09 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{5E6E005B-2AD6-4498-AEC8-93C9F8C51279} [2011/08/15 19:20:11 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{864C38C1-17A3-484D-BD21-2539FC5533AE} [2011/08/13 15:55:08 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{6371F04A-21C1-432F-8F76-ECF18C6A0167} [2011/08/13 12:30:16 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{41B36B33-490F-4539-A891-3D4874F37889} [2011/08/08 20:03:37 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{0D7AACCC-FC27-4BCE-97A9-054F2B813A52} [2011/08/06 23:42:19 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{C9AC0055-E238-4826-8DAF-65ABFA28094B} [2011/08/05 21:13:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{6AC1A387-D1FD-4AA4-9959-7442C3598105} [2011/08/05 04:47:14 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{96AEE558-B67D-43B1-A52E-5399DA9FF3CE} [2011/07/29 16:00:19 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{E7716BD3-3C7E-4052-B6FB-79A08F882B6F} [2011/07/29 10:54:21 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{9D5E3C90-5440-496F-8D11-7D4100589DD6} [2011/07/23 10:51:21 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{EB71CA91-1794-4766-A88E-E2B676B5C4BB} [2011/07/21 13:45:53 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{39C406A1-089A-46FC-9D0F-93F4B761041C} [2011/07/21 00:38:04 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{BCA9AA68-4E0D-4A80-99E2-A65EEB53AC80} [2011/07/19 20:34:24 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{9ED7F68C-CEED-4F62-956C-4CB1648E0ECD} [2011/07/19 01:35:18 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/07/19 01:35:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/07/18 18:13:34 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F029D5B5-C513-4352-95A2-62EF17C53AE2} [2011/05/29 09:19:16 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll [2011/05/25 20:29:26 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\np_plugin.dll [2011/05/23 20:12:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/23 13:39:11 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2011/05/23 13:38:10 | 001,656,258 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/23 13:21:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/03/15 05:36:25 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2010/03/15 05:23:50 | 000,000,397 | ---- | C] () -- C:\Windows\HotFixList.ini [2010/03/15 04:55:35 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\Rezip.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:58E38390 @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:823606DE @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:774C075A @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:B0A727D1 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8AE92FD3 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:13019F4B @Alternate Data Stream - 143 bytes -> C:\Users\Maria\Documents\mail.eml:OECustomProperty @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5E8C18F1 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E9FAC3AB @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B6D84F71 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CAC06C34 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9603033A @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:8BE7A048 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:587F3582 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:18DEBC51 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A88BE334 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E894A3ED @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:700B9342 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:26499772 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:14B2E0BD @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:F45F3031 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:4E79C4F8 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2AE74FF9 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2C678471 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1CDEDE11 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FB4262DE @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E2458802 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2F8138B7 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:F5D01D7C @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BFA43EB @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1A15E356 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4EC7F009 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:206470A5 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:6EE8565A @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:AFC732F7 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E6708F08 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AAA06E15 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F84B8DB5 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:BF640EE5 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4D551822 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C78DADEA < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 2/28/2012 4:53:47 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Maria\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.85 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 79.39% Memory free
7.71 Gb Paging File | 6.96 Gb Available in Paging File | 90.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 26.76 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 266.09 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Computer Name: MARIKASTL | User Name: Maria | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A00C9114-40E6-4C70-A619-7DF264B23485}" = HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}" = DJ_AIO_03_F4200_Software_Min
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{616A370D-F444-4CBD-9481-BC08BAE3E353}" = Drawn 3 - Gefaehrliche Schatten Sammleredition
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EE9145D-C430-44E6-B5ED-61FF9C332103}_is1" = War of the Immortals
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PRJPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PRJPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PRJPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{90120000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2007
"{90120000-00B4-0407-0000-0000000FF1CE}_PRJPRO_{16809599-3C53-4A9A-A7E2-74A6D0D2C007}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2524280-A5CF-4458-B809-167F13FAB56D}" = F4200
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"02bf65d645994df0ab711ea0e293f29d" = Delicious - Emily's Tea Garden
"4Story_DE_is1" = 4Story DE 3.6.146
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIMP2" = AIMP2
"Any Video Converter_is1" = Any Video Converter 3.3.2
"BFGC" = Big Fish Games: Game Manager
"BFG-Drawn - Flucht aus der Dunkelheit Sammleredition" = Drawn: ® Flucht aus der Dunkelheit Sammleredition
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Delicious 2 Deluxe" = Delicious 2 Deluxe
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Free Audio Converter_is1" = Free Audio Converter version 5.0.3.1206
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"F-Secure Product 444" = Kabel Sicherheitspaket
"Guild Wars" = GUILD WARS
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"Live 8.2.2" = Live 8.2.2
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Moppi Flower Saver Installer_is1" = Moppi Flower Saver 1.0
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Opera 11.61.1250" = Opera 11.61
"PRJPRO" = Microsoft Office Project Professional 2007
"RADVideo" = RAD Video Tools
"ScummVM_is1" = ScummVM Git
"TIPP10_is1" = TIPP10 Version 2.1.0
"toolplugin" = toolplugin
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.10
"Windows XP Video Screensaver Powertoy_is1" = Windows XP Video Screensaver Powertoy
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/26/2012 10:29:47 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 2/26/2012 10:29:48 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 2/26/2012 10:29:49 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 2/26/2012 10:29:50 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 2/26/2012 10:29:51 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 2/26/2012 10:29:52 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 2/26/2012 10:29:53 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 2/26/2012 10:29:54 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 2/26/2012 10:29:56 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 2/26/2012 10:29:57 AM | Computer Name = MarikasTL | Source = .NET Runtime Optimization Service | ID = 1101
Description =
[ System Events ]
Error - 9/30/2011 3:31:06 AM | Computer Name = MarikasTL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
FSES
Error - 9/30/2011 5:09:10 AM | Computer Name = MarikasTL | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 9/30/2011 5:09:10 AM | Computer Name = MarikasTL | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 9/30/2011 5:09:26 AM | Computer Name = MarikasTL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
FSES
Error - 10/8/2011 12:45:22 PM | Computer Name = MarikasTL | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 10/8/2011 12:45:22 PM | Computer Name = MarikasTL | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 10/8/2011 12:45:38 PM | Computer Name = MarikasTL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
FSES
Error - 10/9/2011 2:44:39 AM | Computer Name = MarikasTL | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 10/9/2011 2:44:39 AM | Computer Name = MarikasTL | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 10/9/2011 2:44:55 AM | Computer Name = MarikasTL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
FSES
< End of report >
|
|
29.02.2012, 07:51
| #4 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Hi, Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Windows\SysWOW64\Rezip.exe
C:\Users\Maria\AppData\Local\Skype\Skype.exe
Fix für OTL:
 Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Maria\AppData\Roaming\toolplugin\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:58E38390
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:823606DE
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:774C075A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:B0A727D1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8AE92FD3
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:13019F4B
@Alternate Data Stream - 143 bytes -> C:\Users\Maria\Documents\mail.eml:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5E8C18F1
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E9FAC3AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B6D84F71
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CAC06C34
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9603033A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:8BE7A048
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:587F3582
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:18DEBC51
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A88BE334
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E894A3ED
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:26499772
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:14B2E0BD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:F45F3031
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:4E79C4F8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2AE74FF9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2C678471
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1CDEDE11
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FB4262DE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E2458802
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2F8138B7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:F5D01D7C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BFA43EB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1A15E356
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4EC7F009
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:6EE8565A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:AFC732F7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AAA06E15
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:BF640EE5
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4D551822
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C78DADEA
O4 - HKCU..\Run: [SkypeM] C:\Users\Maria\AppData\Local\Skype\Skype.exe ()
:Commands
[emptytemp]
[Reboot]
Malwarebytes Antimalware (MAM) Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen: http://filepony.de/download-chameleon/ Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen") Fullscan und alles bereinigen lassen! Log posten. chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
29.02.2012, 21:53
| #5 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Hi, ich hoffe, ich habe alles richtig gemacht. Auswertung Rezip.exe Code:
ATTFilter File already analysed
This file was already analysed by VirusTotal on 2012-02-25 20:23:49.
Detection ratio: 0/43
You can take a look at the last analysis or analyse it again now.
OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/28/2012 4:53:47 PM - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Maria\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.85 Gb Total Physical Memory | 3.06 Gb Available Physical Memory | 79.39% Memory free 7.71 Gb Paging File | 6.96 Gb Available in Paging File | 90.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 179.00 Gb Total Space | 26.76 Gb Free Space | 14.95% Space Free | Partition Type: NTFS Drive D: | 266.66 Gb Total Space | 266.09 Gb Free Space | 99.79% Space Free | Partition Type: NTFS Computer Name: MARIKASTL | User Name: Maria | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Maria\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ezGOSvc) -- C:\Windows\SysWOW64\ezGOSvc.dll () SRV - (FSORSPClient) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FSMA) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Rezip) -- C:\Windows\SysWOW64\Rezip.exe () SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys () DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys () DRV - (F-Secure HIPS) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation) DRV - (fsvista) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012/02/17 13:25:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 21:00:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/24 18:35:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/29 21:00:40 | 000,000,000 | ---D | M] [2011/06/19 21:59:43 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012/02/24 18:33:53 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Maria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Maria\AppData\Roaming\toolplugin\toolbar.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [4StoryPrePatch] C:\Program Files (x86)\Gameforge4D\4Story_DE\PrePatch.exe (Zemi Interactive Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Maria\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [SkypeM] C:\Users\Maria\AppData\Local\Skype\Skype.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maria\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F9F901C-C935-4A66-BFB9-4948610E056C}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B392774D-873C-4088-A5C4-50BFE6380FFC}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c513cae5-ab2f-11e0-adf3-002454bac2c4}\Shell - "" = AutoRun O33 - MountPoints2\{c513cae5-ab2f-11e0-adf3-002454bac2c4}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{c513cae5-ab2f-11e0-adf3-002454bac2c4}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{c513cae5-ab2f-11e0-adf3-002454bac2c4}\Shell\install\command - "" = F:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/02/28 00:10:54 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe [2012/02/28 00:06:02 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Local\ElevatedDiagnostics [2012/02/27 22:24:59 | 002,007,072 | ---- | C] (Piston Software ) -- C:\Users\Maria\Desktop\mp3joiner_setup.exe [2012/02/27 22:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2012/02/27 22:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2012/02/27 22:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip [2012/02/27 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\once _2 [2012/02/27 21:42:09 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\once [2012/02/25 13:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom [2012/02/25 13:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameHouse [2012/02/25 13:22:31 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\Delicious Deluxe 2 [2012/02/25 12:37:09 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\CardBoard Castle [2012/02/25 03:14:37 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Funlinker [2012/02/25 00:44:02 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\MagicIndie [2012/02/25 00:42:55 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\ThFo [2012/02/24 23:21:52 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2012/02/24 23:21:52 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2012/02/24 23:21:52 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2012/02/24 23:21:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2012/02/24 23:21:51 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2012/02/24 23:21:51 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2012/02/24 23:21:49 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2012/02/24 23:21:49 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2012/02/24 23:21:47 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2012/02/24 23:21:47 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2012/02/24 23:21:46 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2012/02/24 23:21:46 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2012/02/24 23:21:45 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2012/02/24 23:21:45 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2012/02/24 23:21:43 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2012/02/24 23:21:43 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2012/02/24 18:33:49 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\toolplugin [2012/02/24 00:48:41 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\aimp_3.00.981 [2012/02/16 11:37:27 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012/02/16 11:37:11 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012/02/16 11:37:11 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012/02/16 11:37:04 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012/02/16 11:36:26 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/02/16 11:36:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/16 11:36:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/16 11:36:24 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/16 11:36:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/16 11:36:24 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/16 11:36:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/09 12:58:52 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\pdfforge [2012/02/09 12:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012/02/09 12:58:49 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012/02/09 12:58:47 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012/02/09 12:58:47 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012/02/09 12:58:47 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012/02/09 12:58:47 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012/02/09 12:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012/02/09 12:56:48 | 018,590,304 | ---- | C] (pdfforge GbR) -- C:\Users\Maria\Desktop\PDFCreator-1_2_3_setup.exe [2012/02/09 12:48:19 | 001,332,736 | ---- | C] (PDF Desk Informatique) -- C:\Windows\WinPDF.exe [2012/02/09 12:09:17 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\PDFCreator [2012/02/09 11:51:48 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\UploadedFile_129732582456093750 [2012/02/09 11:47:12 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\UDC Profiles [2012/02/09 11:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Document Converter [2012/02/09 11:44:56 | 000,030,656 | ---- | C] (fCoder Group, Inc.) -- C:\Windows\SysNative\udcpm.dll [2012/02/09 11:44:56 | 000,000,000 | R--D | C] -- C:\Users\Maria\Documents\UDC Output Files [2012/02/09 11:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Universal Document Converter [2012/02/07 13:56:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeeGT-Games [2012/02/07 13:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn 3 - Gefaehrliche Schatten Sammleredition [2012/02/06 19:57:25 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\Dr2DaFl [2012/02/06 17:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012/02/06 17:33:05 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012/02/06 17:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012/02/06 17:31:17 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012/02/06 16:55:58 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\bewerbung [2012/02/05 20:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom [2012/02/05 19:13:33 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Flucht aus der Dunkelheit Sammleredition [2012/02/05 19:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Drawn - Flucht aus der Dunkelheit Sammleredition [2012/02/05 19:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Drawn - Flucht aus der Dunkelheit Sammleredition [2012/02/05 18:28:18 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\PlayPond [2012/02/05 02:10:49 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\ScummVM_-_VideoAnleitung [2012/02/04 23:04:41 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\George2 [2012/02/04 22:03:47 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\VendelGAMES [2012/02/04 22:03:23 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\LoChDeFlSa [2012/02/04 18:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sweet Animals [2012/02/04 18:58:16 | 000,000,000 | ---D | C] -- C:\Programme [2012/02/04 18:56:59 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\MeTi [2012/02/04 15:22:09 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\GamersDigital [2012/02/04 15:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\GamersDigital [2012/02/04 15:20:54 | 000,000,000 | ---D | C] -- C:\Users\Maria\Desktop\ReCrJathRi [2012/02/01 20:28:04 | 000,000,000 | ---D | C] -- C:\Users\Maria\AppData\Roaming\ERS Game Studios [1 C:\Users\Maria\Documents\*.tmp files -> C:\Users\Maria\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/02/28 16:34:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/02/28 16:34:05 | 4137,803,776 | -HS- | M] () -- C:\hiberfil.sys [2012/02/28 00:10:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Maria\Desktop\OTL.exe [2012/02/27 23:59:33 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/02/27 23:59:33 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/02/27 23:15:42 | 000,449,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/02/27 22:47:29 | 000,337,264 | ---- | M] () -- C:\Users\Maria\Desktop\relink.us__129.Walt.Disney.Zeichentrickfilme.German.1937-2010.DVDRiP.XviD-iNTERNAL_5403d0f39c59a936a4b0ef915db3a9.dlc [2012/02/27 22:25:09 | 002,007,072 | ---- | M] (Piston Software ) -- C:\Users\Maria\Desktop\mp3joiner_setup.exe [2012/02/27 22:18:25 | 027,065,344 | ---- | M] () -- C:\Users\Maria\Desktop\wz160-32gev.msi [2012/02/27 21:34:24 | 004,511,888 | ---- | M] () -- C:\Users\Maria\Desktop\disturbed - down with the sickness.mp3 [2012/02/25 13:22:19 | 023,558,697 | ---- | M] () -- C:\Users\Maria\Desktop\Delicious Deluxe 2.rar [2012/02/25 13:18:56 | 010,752,000 | ---- | M] () -- C:\Users\Maria\Desktop\Delicious.rar [2012/02/25 12:00:05 | 064,811,400 | ---- | M] () -- C:\Users\Maria\Desktop\Cardboard Castle.rar [2012/02/25 01:24:37 | 198,590,042 | ---- | M] () -- C:\Users\Maria\Desktop\Celtic Myths - Das Vermächtnis der Kelten.rar [2012/02/25 00:29:14 | 277,592,327 | ---- | M] () -- C:\Users\Maria\Desktop\ThFo.rar [2012/02/24 23:22:47 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2012/02/24 18:35:38 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2012/02/24 18:35:38 | 000,001,571 | ---- | M] () -- C:\Users\Maria\Desktop\DivX Movies.lnk [2012/02/24 18:35:27 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2012/02/24 18:15:14 | 001,700,356 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/02/24 18:15:14 | 000,719,678 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/02/24 18:15:14 | 000,672,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/02/24 18:15:14 | 000,159,052 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/02/24 18:15:14 | 000,130,668 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/02/24 00:48:32 | 006,934,628 | ---- | M] () -- C:\Users\Maria\Desktop\aimp_3.00.981.zip [2012/02/17 13:20:47 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012/02/16 13:16:17 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012/02/16 13:16:17 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012/02/16 13:15:12 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2012/02/16 13:12:50 | 000,702,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/02/16 13:12:50 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/02/16 13:12:50 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/02/16 13:12:50 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/02/16 13:12:50 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/02/16 13:12:50 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/02/16 13:12:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/02/09 12:58:52 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012/02/09 12:56:53 | 018,590,304 | ---- | M] (pdfforge GbR) -- C:\Users\Maria\Desktop\PDFCreator-1_2_3_setup.exe [2012/02/09 12:48:19 | 000,000,740 | ---- | M] () -- C:\Users\Maria\Desktop\WinPDF.lnk [2012/02/09 12:08:18 | 013,853,991 | ---- | M] () -- C:\Users\Maria\Desktop\PDFCreator.rar [2012/02/09 11:51:23 | 000,049,625 | ---- | M] () -- C:\Users\Maria\Desktop\UploadedFile_129732582456093750.zip [2012/02/09 11:50:48 | 000,061,314 | ---- | M] () -- C:\Users\Maria\Desktop\uploadedfile_129732582456093750-001.jpg [2012/02/09 11:45:02 | 000,000,693 | ---- | M] () -- C:\Users\Public\Desktop\UDC Output Files.lnk [2012/02/07 13:56:22 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Drawn 3 - ACTIVATION KEY.lnk [2012/02/07 13:56:22 | 000,001,355 | ---- | M] () -- C:\Users\Public\Desktop\Drawn 3 - Gefaehrliche Schatten Sammleredition.lnk [2012/02/07 13:24:15 | 000,130,872 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_9_1680x1050.jpg [2012/02/07 13:24:08 | 000,097,479 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_7_1680x1050.jpg [2012/02/07 13:24:01 | 000,171,802 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_6_1680x1050.jpg [2012/02/07 13:23:53 | 000,190,113 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_5_1680x1050.jpg [2012/02/07 13:23:41 | 000,199,061 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_3_1680x1050.jpg [2012/02/07 13:23:35 | 000,123,294 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_2_1680x1050.jpg [2012/02/07 13:23:25 | 000,155,045 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_1_1680x1050.jpg [2012/02/07 13:23:08 | 000,249,483 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_0_1680x1050.jpg [2012/02/07 13:21:44 | 000,268,457 | ---- | M] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_8_1680x1050.jpg [2012/02/07 02:55:47 | 076,991,795 | ---- | M] () -- C:\Users\Maria\Desktop\lebendkrisen_meistern.rar [2012/02/07 02:52:32 | 083,101,051 | ---- | M] () -- C:\Users\Maria\Desktop\leichter_lernen.rar [2012/02/06 19:49:02 | 520,202,051 | ---- | M] () -- C:\Users\Maria\Desktop\Dr2DaFl.rar [2012/02/06 17:27:23 | 000,000,431 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.sfv [2012/02/06 17:25:40 | 010,956,360 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part4.rar [2012/02/06 17:24:55 | 100,000,000 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part3.rar [2012/02/06 17:21:30 | 100,000,000 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part2.rar [2012/02/06 17:14:23 | 100,000,000 | ---- | M] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part1.rar [2012/02/05 22:19:08 | 000,012,009 | ---- | M] () -- C:\Users\Maria\Desktop\MyLe3BeanthBeSA.rar [2012/02/05 20:51:01 | 000,000,922 | ---- | M] () -- C:\Users\Maria\Desktop\Delicious - Emily's Tea Garden.lnk [2012/02/05 00:35:42 | 002,542,082 | ---- | M] () -- C:\Users\Maria\Desktop\ScummVM-0.11.0-win32.rar [2012/02/05 00:35:16 | 002,039,420 | ---- | M] () -- C:\Users\Maria\Desktop\ScummVM_-_VideoAnleitung.rar [2012/02/04 23:19:56 | 063,930,956 | ---- | M] () -- C:\Users\Maria\Desktop\George2.part3.rar [2012/02/04 23:07:46 | 104,857,600 | ---- | M] () -- C:\Users\Maria\Desktop\George2.part2.rar [2012/02/04 22:06:15 | 104,857,600 | ---- | M] () -- C:\Users\Maria\Desktop\George2.part1.rar [2012/02/04 21:45:37 | 000,012,016 | ---- | M] () -- C:\Users\Maria\Desktop\BaFl2DeSpdeFi.part2.rar [2012/02/04 19:21:25 | 284,629,809 | ---- | M] () -- C:\Users\Maria\Desktop\LoChDeFlSa.rar [2012/02/04 17:54:07 | 440,401,920 | ---- | M] () -- C:\Users\Maria\Desktop\BaFl2DeSpdeFi.part1.rar [2012/02/04 15:36:02 | 273,455,781 | ---- | M] () -- C:\Users\Maria\Desktop\MeTi.rar [2012/02/04 15:20:38 | 178,850,691 | ---- | M] () -- C:\Users\Maria\Desktop\ReCrJathRi.rar [2012/02/02 19:30:48 | 000,010,575 | ---- | M] () -- C:\Users\Maria\Documents\gäste.odt [2012/02/02 19:23:05 | 000,011,993 | ---- | M] () -- C:\Users\Maria\Desktop\HaHa2KiSA.rar [1 C:\Users\Maria\Documents\*.tmp files -> C:\Users\Maria\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/02/27 23:15:25 | 000,449,976 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/02/27 22:47:29 | 000,337,264 | ---- | C] () -- C:\Users\Maria\Desktop\relink.us__129.Walt.Disney.Zeichentrickfilme.German.1937-2010.DVDRiP.XviD-iNTERNAL_5403d0f39c59a936a4b0ef915db3a9.dlc [2012/02/27 22:18:18 | 027,065,344 | ---- | C] () -- C:\Users\Maria\Desktop\wz160-32gev.msi [2012/02/27 21:34:03 | 004,511,888 | ---- | C] () -- C:\Users\Maria\Desktop\disturbed - down with the sickness.mp3 [2012/02/25 13:20:11 | 023,558,697 | ---- | C] () -- C:\Users\Maria\Desktop\Delicious Deluxe 2.rar [2012/02/25 13:18:56 | 010,752,000 | ---- | C] () -- C:\Users\Maria\Desktop\Delicious.rar [2012/02/25 11:44:04 | 064,811,400 | ---- | C] () -- C:\Users\Maria\Desktop\Cardboard Castle.rar [2012/02/25 00:45:32 | 198,590,042 | ---- | C] () -- C:\Users\Maria\Desktop\Celtic Myths - Das Vermächtnis der Kelten.rar [2012/02/24 23:22:47 | 000,001,282 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk [2012/02/24 23:20:29 | 277,592,327 | ---- | C] () -- C:\Users\Maria\Desktop\ThFo.rar [2012/02/24 00:48:30 | 006,934,628 | ---- | C] () -- C:\Users\Maria\Desktop\aimp_3.00.981.zip [2012/02/09 12:58:52 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012/02/09 12:58:49 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2012/02/09 12:48:19 | 000,000,740 | ---- | C] () -- C:\Users\Maria\Desktop\WinPDF.lnk [2012/02/09 12:07:07 | 013,853,991 | ---- | C] () -- C:\Users\Maria\Desktop\PDFCreator.rar [2012/02/09 11:51:40 | 000,061,314 | ---- | C] () -- C:\Users\Maria\Desktop\uploadedfile_129732582456093750-001.jpg [2012/02/09 11:51:23 | 000,049,625 | ---- | C] () -- C:\Users\Maria\Desktop\UploadedFile_129732582456093750.zip [2012/02/09 11:45:02 | 000,000,693 | ---- | C] () -- C:\Users\Public\Desktop\UDC Output Files.lnk [2012/02/07 13:56:22 | 000,002,338 | ---- | C] () -- C:\Users\Public\Desktop\Drawn 3 - ACTIVATION KEY.lnk [2012/02/07 13:56:22 | 000,001,355 | ---- | C] () -- C:\Users\Public\Desktop\Drawn 3 - Gefaehrliche Schatten Sammleredition.lnk [2012/02/07 13:24:15 | 000,130,872 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_9_1680x1050.jpg [2012/02/07 13:24:08 | 000,097,479 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_7_1680x1050.jpg [2012/02/07 13:24:01 | 000,171,802 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_6_1680x1050.jpg [2012/02/07 13:23:53 | 000,190,113 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_5_1680x1050.jpg [2012/02/07 13:23:41 | 000,199,061 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_3_1680x1050.jpg [2012/02/07 13:23:35 | 000,123,294 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_2_1680x1050.jpg [2012/02/07 13:23:25 | 000,155,045 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_1_1680x1050.jpg [2012/02/07 13:23:08 | 000,249,483 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_0_1680x1050.jpg [2012/02/07 13:21:44 | 000,268,457 | ---- | C] () -- C:\Users\Maria\Desktop\DATA_ART_Wallpaper_WallPaper_8_1680x1050.jpg [2012/02/07 02:54:49 | 076,991,795 | ---- | C] () -- C:\Users\Maria\Desktop\lebendkrisen_meistern.rar [2012/02/07 02:51:46 | 083,101,051 | ---- | C] () -- C:\Users\Maria\Desktop\leichter_lernen.rar [2012/02/06 17:27:23 | 000,000,431 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.sfv [2012/02/06 17:25:20 | 010,956,360 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part4.rar [2012/02/06 17:21:59 | 100,000,000 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part3.rar [2012/02/06 17:14:46 | 100,000,000 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part2.rar [2012/02/06 17:08:17 | 100,000,000 | ---- | C] () -- C:\Users\Maria\Desktop\MOPP2007SP2.part1.rar [2012/02/05 20:51:01 | 000,000,922 | ---- | C] () -- C:\Users\Maria\Desktop\Delicious - Emily's Tea Garden.lnk [2012/02/05 19:49:16 | 520,202,051 | ---- | C] () -- C:\Users\Maria\Desktop\Dr2DaFl.rar [2012/02/05 18:06:54 | 000,012,009 | ---- | C] () -- C:\Users\Maria\Desktop\MyLe3BeanthBeSA.rar [2012/02/05 00:35:42 | 002,542,082 | ---- | C] () -- C:\Users\Maria\Desktop\ScummVM-0.11.0-win32.rar [2012/02/05 00:35:12 | 002,039,420 | ---- | C] () -- C:\Users\Maria\Desktop\ScummVM_-_VideoAnleitung.rar [2012/02/04 23:18:35 | 063,930,956 | ---- | C] () -- C:\Users\Maria\Desktop\George2.part3.rar [2012/02/04 23:05:03 | 104,857,600 | ---- | C] () -- C:\Users\Maria\Desktop\George2.part2.rar [2012/02/04 22:02:56 | 104,857,600 | ---- | C] () -- C:\Users\Maria\Desktop\George2.part1.rar [2012/02/04 19:05:44 | 284,629,809 | ---- | C] () -- C:\Users\Maria\Desktop\LoChDeFlSa.rar [2012/02/04 18:55:48 | 000,012,016 | ---- | C] () -- C:\Users\Maria\Desktop\BaFl2DeSpdeFi.part2.rar [2012/02/04 15:29:19 | 440,401,920 | ---- | C] () -- C:\Users\Maria\Desktop\BaFl2DeSpdeFi.part1.rar [2012/02/04 15:26:49 | 273,455,781 | ---- | C] () -- C:\Users\Maria\Desktop\MeTi.rar [2012/02/04 15:14:25 | 178,850,691 | ---- | C] () -- C:\Users\Maria\Desktop\ReCrJathRi.rar [2012/02/02 19:30:41 | 000,010,575 | ---- | C] () -- C:\Users\Maria\Documents\gäste.odt [2012/02/01 21:01:41 | 000,011,993 | ---- | C] () -- C:\Users\Maria\Desktop\HaHa2KiSA.rar [2012/01/19 16:14:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{561A55DE-9996-46FD-9D2A-9B66C1B9041F} [2012/01/16 20:35:00 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{87003652-7EC0-4D84-A15F-D72A294F86D4} [2012/01/14 15:11:05 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{48E71456-77DA-4C1D-BF93-6661BB568CA1} [2012/01/14 14:41:39 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{76A9F272-35BA-45D8-9ACA-6F24C8D59121} [2012/01/09 19:13:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{7B279821-AD17-4D7F-B955-FCDB6823D95E} [2012/01/05 20:53:57 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{6834190C-C317-45F3-B175-C69773841907} [2012/01/05 19:58:48 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{03C996F7-A4AA-4E74-83EF-27982784496F} [2012/01/05 17:34:29 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{74D7C3BB-CF21-4B03-AD5C-00089F4A5A86} [2011/12/27 20:10:15 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{40EB7C3D-7B30-420D-B040-CAF418EFE090} [2011/12/24 14:06:11 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{BEFC8434-50EB-4178-88B3-AB23164B3FA6} [2011/12/23 15:18:01 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{3F85145E-6521-49E8-9BBE-3376949FF831} [2011/12/22 18:50:57 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{917AADC5-7BB1-47C6-8067-1A2CF87C8B51} [2011/12/16 20:17:27 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{AAC92F2E-90ED-48B4-B296-F52A2C7A1E13} [2011/12/09 19:11:22 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{7C83D700-1DDB-44F5-8F63-C12267D943C7} [2011/12/09 11:57:52 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{E6BEF195-F68B-40FB-AF32-8CB8CFF0D7D7} [2011/12/08 18:32:55 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{2E1C8CB8-6FB3-436D-B4C5-2E4D639CB462} [2011/12/08 13:12:59 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F5C1CBA5-5446-4A46-9085-6CA2E85DB82F} [2011/12/07 21:06:29 | 000,000,093 | ---- | C] () -- C:\Users\Maria\AppData\Local\fusioncache.dat [2011/12/05 14:07:56 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{1870572E-CB84-4B84-853B-AA7F400A52C0} [2011/12/03 15:32:47 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{AB0AD18A-D21F-49E5-9AD9-D100149E1BA5} [2011/12/01 15:04:46 | 000,000,811 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat [2011/11/28 17:38:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{5F2AE7BD-2641-4622-9517-D3F67ABD3AE6} [2011/11/28 11:37:27 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F567547E-2B43-4721-AAFA-D90C75BC316F} [2011/11/19 03:20:03 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{7BBFDF60-C0C6-4761-AA04-A1EAF7CF4D69} [2011/11/13 17:02:21 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{2F846908-48BD-4AA6-9847-859A58FE721B} [2011/11/13 11:50:26 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{ED7667AB-1A0B-45C5-81F7-B4494AE3BD95} [2011/11/12 12:31:00 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{30773744-0D84-4750-8682-76A0F5B4C721} [2011/11/10 17:08:52 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2011/11/10 17:08:52 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2011/11/10 17:08:49 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011/11/10 17:00:53 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{3887F7B4-1EB9-4885-9302-F421F103ED36} [2011/11/09 18:18:10 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{39E99E25-4609-41AE-86CE-C6DB914E4BB1} [2011/11/08 15:37:24 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{E4A59500-57E8-4DEF-9FF0-C8C7A578CBDC} [2011/11/07 21:16:36 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{B9F65347-3F47-4D39-BE51-AA57A20F5BAC} [2011/11/06 18:27:26 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F0D6B26F-1C97-4859-AF6B-C0AC0FE0EA86} [2011/11/06 10:53:08 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{CAB2A007-F08C-495B-BA9E-8ED42DAEBF42} [2011/11/05 14:25:33 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{98689278-D613-4E8E-88C8-0DFADDDB3653} [2011/11/04 16:57:33 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{39BCAD41-F636-4ED3-842C-FA9D4BFDF227} [2011/11/02 18:41:04 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{D4B38819-2F59-4A20-B3D7-24DECCDBBD00} [2011/11/02 17:36:16 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{4092A7B5-35D8-45C9-93FD-37BCFF31347F} [2011/10/29 20:55:41 | 000,188,434 | ---- | C] () -- C:\Windows\hpoins28.dat.temp [2011/10/29 20:55:41 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp [2011/10/28 18:49:50 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{C419438A-EB87-46C2-B5E7-87DBFE5CF831} [2011/10/27 16:18:05 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{D12E2D09-D337-4C92-8E3F-381C48062D36} [2011/10/20 15:00:42 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{FBC9B9BF-3D96-42B5-A6B8-70CFEAAFF71A} [2011/10/19 17:13:36 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{6DF9E5B0-1328-4FD6-BA2E-9B77BF1CD135} [2011/10/18 18:44:28 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{137D1CF9-7387-4F11-A7C9-17FA3C3A85CA} [2011/09/21 20:14:18 | 000,181,993 | ---- | C] () -- C:\Windows\hpoins28.dat [2011/09/21 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{0D6524CE-A85B-4AF3-9120-ADD3C0D734BF} [2011/09/16 17:53:25 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{C63E0AFF-483D-48B1-9134-B2B57D81FF29} [2011/09/07 05:45:58 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F9068E9A-77E4-4F34-8C13-627FFBF7DFC2} [2011/09/06 18:50:00 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{14ED1CA6-A1C2-4B19-8D01-1637840B0663} [2011/09/04 13:42:01 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{2AC3D20F-143C-4262-A31C-ADAC5ED5B80D} [2011/09/04 09:55:01 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{40D5E966-18D8-46FE-AC1E-0BD65F48C235} [2011/08/28 13:46:04 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{3CFA64FA-2036-4F22-97AA-A814CE52113D} [2011/08/26 18:39:46 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{20C9F838-FBA2-4DAF-BF0F-DF46CB4404C2} [2011/08/24 18:38:57 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{2C258727-03EA-4C45-8FDC-0B651FBF4F90} [2011/08/24 12:51:58 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{08F042FD-F4D6-409B-B9D5-45CF901A6173} [2011/08/23 22:08:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{DA70D06B-9A87-4D84-9015-2F1CECE6F36C} [2011/08/23 19:05:16 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{18ABCE63-452A-4BFA-95A5-2EDB9556C34C} [2011/08/23 14:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{342F4B8D-3635-4772-A3A4-4C3B8A2AC59E} [2011/08/23 13:59:04 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{B03351A1-2100-4C6A-8C70-623C2FAE5B50} [2011/08/22 19:13:18 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{BA30288B-7B2C-4A8C-8722-C090A3FCAD81} [2011/08/20 13:12:02 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{0C14257C-A016-4606-BC63-102CDC02CB70} [2011/08/19 18:21:25 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{71F0FF9F-FD7D-4215-A827-416EAA851D51} [2011/08/16 18:07:09 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{5E6E005B-2AD6-4498-AEC8-93C9F8C51279} [2011/08/15 19:20:11 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{864C38C1-17A3-484D-BD21-2539FC5533AE} [2011/08/13 15:55:08 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{6371F04A-21C1-432F-8F76-ECF18C6A0167} [2011/08/13 12:30:16 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{41B36B33-490F-4539-A891-3D4874F37889} [2011/08/08 20:03:37 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{0D7AACCC-FC27-4BCE-97A9-054F2B813A52} [2011/08/06 23:42:19 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{C9AC0055-E238-4826-8DAF-65ABFA28094B} [2011/08/05 21:13:38 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{6AC1A387-D1FD-4AA4-9959-7442C3598105} [2011/08/05 04:47:14 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{96AEE558-B67D-43B1-A52E-5399DA9FF3CE} [2011/07/29 16:00:19 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{E7716BD3-3C7E-4052-B6FB-79A08F882B6F} [2011/07/29 10:54:21 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{9D5E3C90-5440-496F-8D11-7D4100589DD6} [2011/07/23 10:51:21 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{EB71CA91-1794-4766-A88E-E2B676B5C4BB} [2011/07/21 13:45:53 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{39C406A1-089A-46FC-9D0F-93F4B761041C} [2011/07/21 00:38:04 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{BCA9AA68-4E0D-4A80-99E2-A65EEB53AC80} [2011/07/19 20:34:24 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{9ED7F68C-CEED-4F62-956C-4CB1648E0ECD} [2011/07/19 01:35:18 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/07/19 01:35:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011/07/18 18:13:34 | 000,000,000 | ---- | C] () -- C:\Users\Maria\AppData\Local\{F029D5B5-C513-4352-95A2-62EF17C53AE2} [2011/05/29 09:19:16 | 000,080,256 | ---- | C] () -- C:\Windows\SysWow64\ezGOSvc.dll [2011/05/25 20:29:26 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\np_plugin.dll [2011/05/23 20:12:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/05/23 13:39:11 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2011/05/23 13:38:10 | 001,656,258 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/23 13:21:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/03/15 05:36:25 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2010/03/15 05:23:50 | 000,000,397 | ---- | C] () -- C:\Windows\HotFixList.ini [2010/03/15 04:55:35 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\Rezip.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:58E38390 @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:823606DE @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:774C075A @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:B0A727D1 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8AE92FD3 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:13019F4B @Alternate Data Stream - 143 bytes -> C:\Users\Maria\Documents\mail.eml:OECustomProperty @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:5E8C18F1 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E9FAC3AB @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:B6D84F71 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CAC06C34 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9603033A @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:8BE7A048 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E73E1C2 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:587F3582 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:18DEBC51 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A88BE334 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E894A3ED @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:700B9342 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:26499772 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:14B2E0BD @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:F45F3031 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:4E79C4F8 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2AE74FF9 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2C678471 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1CDEDE11 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FB4262DE @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E2458802 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2F8138B7 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:F5D01D7C @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BFA43EB @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1A15E356 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4EC7F009 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:206470A5 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:6EE8565A @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:AFC732F7 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E6708F08 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AAA06E15 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F84B8DB5 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:BF640EE5 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:4D551822 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C78DADEA < End of report > MAM Logs: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.29.04 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Maria :: MARIKASTL [Administrator] 29.02.2012 20:18:29 mbam-log-2012-02-29 (21-25-04).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 390482 Laufzeit: 1 Stunde(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Perfect World Entertainment\War of the Immortals DE\Bin\PerfectProtector.sys (Trojan.Phobiq) -> Keine Aktion durchgeführt. C:\Perfect World Entertainment\War of the Immortals DE\Bin\pp\perfectprotector-x64.sys (Trojan.Agent) -> Keine Aktion durchgeführt. C:\Perfect World Entertainment\War of the Immortals DE\Bin\pp\perfectprotector.sys (Trojan.Phobiq) -> Keine Aktion durchgeführt. (Ende) |
|
01.03.2012, 07:29
| #6 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Hi, mit hoher Wahrscheinlichkeit war die Skype.exe der Trojaner, alle Funde von MAM löschen lassen... Wie verhält sich der Rechner (normal, oder noch Auswirkungen spürbar wie Umleitungen bei der Suche im Internet etc.?)... chris
__________________ --> Windowssystem gesperrt! Aus Sicherheitsgründen ... |
|
01.03.2012, 16:32
| #7 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Vielen Dank! Funde sind alle gelöscht. Bisher läuft alles wie vorher. Der Computer stürzt immer wieder mal ab, aber das war vorher schon (seit mehrmaligen Problemen beim Booten), da muss ich mich auch mal gesondert drum kümmern oder geht das hier auch? |
|
01.03.2012, 16:44
| #8 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Hi, gibt hier auch ein entsprechendes Forum... Schauen wir mal in die Eventanzeige: Ereignisanzeige: Start > ausführen > eventvwr.msc Gehe in die Ereignisanzeige und schau dort nach Fehlermeldungen Falls eine Fehlermeldung da ist: Doppelklick darauf, ein neues Fenster wird geöffnet markieren und posten den Inhalt chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
01.03.2012, 16:57
| #9 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Welches ist es genau? Wenn mehrere Fehlermeldungen sind dann wahrscheinlich alle posten, oder? |
|
02.03.2012, 07:43
| #10 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Hi, wenn es nicht zuviele sind ;o)... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
17.03.2012, 11:35
| #11 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Als hätte ich es heraufbeschworen ist, natürlich genau ds jetzt wieder passiert - mehrfach. Hier erstmal die "kritische" Kategorie von der Ereignisanzeige: Protokollname: System Quelle: Microsoft-Windows-Kernel-Power Datum: 17.03.2012 11:09:50 Ereignis-ID: 41 Aufgabenkategorie  63)Ebene: Kritisch Schlüsselwörter 2)Benutzer: SYSTEM Computer: MarikasTL Beschreibung: Das System wurde neu gestartet, ohne dass es zuvor ordnungsgemäß heruntergefahren wurde. Dieser Fehler kann auftreten, wenn das System nicht mehr reagiert hat oder abgestürzt ist oder die Stromzufuhr unerwartet unterbrochen wurde. Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" /> <EventID>41</EventID> <Version>2</Version> <Level>1</Level> <Task>63</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000002</Keywords> <TimeCreated SystemTime="2012-03-17T10:09:50.888020000Z" /> <EventRecordID>127715</EventRecordID> <Correlation /> <Execution ProcessID="4" ThreadID="8" /> <Channel>System</Channel> <Computer>MarikasTL</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="BugcheckCode">0</Data> <Data Name="BugcheckParameter1">0x0</Data> <Data Name="BugcheckParameter2">0x0</Data> <Data Name="BugcheckParameter3">0x0</Data> <Data Name="BugcheckParameter4">0x0</Data> <Data Name="SleepInProgress">false</Data> <Data Name="PowerButtonTimestamp">0</Data> </EventData> </Event> Es sind insgesamt 29 Ereignisse, alle gleich. Soll ich jetzt alle posten oder reicht eins as Beispiel? Die Fehler habe ich jetzt nach Häufigkeit sortiert und nur die gepostet bei denen es in der Detailbeschreibung so schien als hätten sie was damit zu tun: Protokollname: System Quelle: atikmdag Datum: 17.03.2012 10:37:54 Ereignis-ID: 52236 Aufgabenkategorie 51)Ebene: Fehler Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: MarikasTL Beschreibung: CPLIB :: General - Invalid Parameter Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="atikmdag" /> <EventID Qualifiers="49152">52236</EventID> <Level>2</Level> <Task>51</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2012-03-17T09:37:54.972481700Z" /> <EventRecordID>127601</EventRecordID> <Channel>System</Channel> <Computer>MarikasTL</Computer> <Security /> </System> <EventData> <Data> </Data> <Binary>0000000001000000330000000CCC00C0000000000000000000000000000000000000000000000000</Binary> </EventData> </Event> Protokollname: System Quelle: atikmdag Datum: 17.03.2012 10:37:54 Ereignis-ID: 43029 Aufgabenkategorie 42)Ebene: Fehler Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: MarikasTL Beschreibung: Display is not active Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="atikmdag" /> <EventID Qualifiers="49152">43029</EventID> <Level>2</Level> <Task>42</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2012-03-17T09:37:54.972481700Z" /> <EventRecordID>127602</EventRecordID> <Channel>System</Channel> <Computer>MarikasTL</Computer> <Security /> </System> <EventData> <Data> </Data> <Binary>00000000010000002A00000015A800C0000000000000000000000000000000000000000000000000</Binary> </EventData> </Event> Protokollname: System Quelle: Microsoft-Windows-DistributedCOM Datum: 14.03.2012 21:13:08 Ereignis-ID: 10010 Aufgabenkategorie:Keine Ebene: Fehler Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: MarikasTL Beschreibung: Der Server "{752073A1-23F2-4396-85F0-8FDB879ED0ED}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" /> <EventID Qualifiers="49152">10010</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2012-03-14T20:13:08.000000000Z" /> <EventRecordID>126226</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>System</Channel> <Computer>MarikasTL</Computer> <Security /> </System> <EventData> <Data Name="param1">{752073A1-23F2-4396-85F0-8FDB879ED0ED}</Data> </EventData> </Event> Protokollname: System Quelle: Microsoft-Windows-DistributedCOM Datum: 17.03.2012 11:10:42 Ereignis-ID: 10005 Aufgabenkategorie:Keine Ebene: Fehler Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: MarikasTL Beschreibung: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" /> <EventID Qualifiers="49152">10005</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2012-03-17T10:10:42.000000000Z" /> <EventRecordID>127771</EventRecordID> <Correlation /> <Execution ProcessID="0" ThreadID="0" /> <Channel>System</Channel> <Computer>MarikasTL</Computer> <Security /> </System> <EventData> <Data Name="param1">1084</Data> <Data Name="param2">WSearch</Data> <Data Name="param3"> </Data> <Data Name="param4">{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}</Data> </EventData> </Event> Protokollname: Application Quelle: System Restore Datum: 16.03.2012 20:07:45 Ereignis-ID: 8193 Aufgabenkategorie:Keine Ebene: Fehler Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: MarikasTL Beschreibung: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x80070422). Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="System Restore" /> <EventID Qualifiers="0">8193</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2012-03-16T19:07:45.000000000Z" /> <EventRecordID>32473</EventRecordID> <Channel>Application</Channel> <Computer>MarikasTL</Computer> <Security /> </System> <EventData> <Data>C:\Windows\system32\svchost.exe -k netsvcs</Data> <Data>Windows Update</Data> <Data>0x80070422</Data> <Binary>220407809D010000870100009501000022CE28677C6DDA79E28C1C000000000000000000</Binary> </EventData> </Event> Protokollname: System Quelle: Service Control Manager Datum: 17.03.2012 10:41:26 Ereignis-ID: 7034 Aufgabenkategorie:Keine Ebene: Fehler Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: MarikasTL Beschreibung: Dienst "Canon Inkjet Printer/Scanner/Fax Extended Survey Program" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" /> <EventID Qualifiers="49152">7034</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8080000000000000</Keywords> <TimeCreated SystemTime="2012-03-17T09:41:26.380319100Z" /> <EventRecordID>127707</EventRecordID> <Correlation /> <Execution ProcessID="576" ThreadID="716" /> <Channel>System</Channel> <Computer>MarikasTL</Computer> <Security /> </System> <EventData> <Data Name="param1">Canon Inkjet Printer/Scanner/Fax Extended Survey Program</Data> <Data Name="param2">1</Data> </EventData> </Event> Protokollname: System Quelle: Service Control Manager Datum: 17.03.2012 11:10:24 Ereignis-ID: 7026 Aufgabenkategorie:Keine Ebene: Fehler Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: MarikasTL Beschreibung: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: discache ElbyCDIO FSES FSFW SABI spldr Wanarpv6 Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" /> <EventID Qualifiers="49152">7026</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8080000000000000</Keywords> <TimeCreated SystemTime="2012-03-17T10:10:24.053678300Z" /> <EventRecordID>127749</EventRecordID> <Correlation /> <Execution ProcessID="552" ThreadID="556" /> <Channel>System</Channel> <Computer>MarikasTL</Computer> <Security /> </System> <EventData> <Data Name="param1"> discache ElbyCDIO FSES FSFW SABI spldr Wanarpv6</Data> </EventData> </Event> Protokollname: System Quelle: atikmdag Datum: 13.03.2012 06:38:06 Ereignis-ID: 6145 Aufgabenkategorie 6)Ebene: Fehler Schlüsselwörter:Klassisch Benutzer: Nicht zutreffend Computer: MarikasTL Beschreibung: System shutdown due to graphics card overheating Ereignis-XML: <Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="atikmdag" /> <EventID Qualifiers="49152">6145</EventID> <Level>2</Level> <Task>6</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2012-03-13T05:38:06.281371200Z" /> <EventRecordID>125405</EventRecordID> <Channel>System</Channel> <Computer>MarikasTL</Computer> <Security /> </System> <EventData> <Data> </Data> <Binary>000000000100000006000000011800C0000000000000000000000000000000000000000000000000</Binary> </EventData> </Event>/EventRecordID |
|
17.03.2012, 13:13
| #12 |
| | Windowssystem gesperrt! Aus Sicherheitsgründen ... Hi, muss ich mir einzeln heute abend mal anschauen... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
| Themen zu Windowssystem gesperrt! Aus Sicherheitsgründen ... |
| abgesicherte, abgesicherten, andere, anderen, anderes, anmelden, anweisung, euro, gesperrt, leicht, melde, melden, modus, poste, posten, posts, problem, rechner, runterladen, schonmal, technik, troja, trojaner, unerfahren |
Linear-Darstellung
