|
Plagegeister aller Art und deren Bekämpfung: Computer hängt und startet neu. Meldung: Fehler bei den SicherheitsoptionenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
02.09.2010, 08:32 | #1 |
| Computer hängt und startet neu. Meldung: Fehler bei den Sicherheitsoptionen Shalom, ich habe folgendes Problem: Mein Computer (Vista - alle Updates aufgespielt) hängt seit kurzem. Dies äußert sich so, dass ich nichts mehr anklicken kann. Geöffnete Programme bekommen keine Rückmeldung und der Ton bricht ab. Letzlich schalte ich den Computer manuell aus oder er startet von alleine neu ODER der Bildschirm wird und bleibt Schwarz ODER (selten) Bluescreen Seltener brauch er auch mehrere Startversuche. Ich tippe nicht auf einen Hardware schaden, da die Hardware erst letztenst überprüft worden ist. Verdächtig jedoch ist der letzte Fund von Avira (aggresive Einstellung): Code:
ATTFilter Typ: Datei Quelle: C:\Users\Besitzer\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-libOctoshapeClient.dll Status: Verdächtig Quarantäne-Objekt: 481bba6c.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: JA Betriebssystem: Windows 2000/XP/VISTA Workstation Suchengine: 8.02.04.46 Virendefinitionsdatei: 7.10.11.68 Meldung: Verdächtige Datei Datum/Uhrzeit: 02.09.2010, 09:24 MBAM hatte auch irgendwas gefunden, jedoch finde ich den Bericht nicht o.o Evt. wegen dem Absturz? OTL wird nachgeliefert, nur keine Lust das mein Pc wieder abstürzt :> Ich bedanke mich für Eure Hilfe. Be blessed Da die Logs: OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.09.2010 09:31:18 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Besitzer\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): c:\pagefile.sys 4500 9000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 78,96 Gb Free Space | 26,49% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 647,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 2,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BESITZER-PC Current User Name: Besitzer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia) PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Besitzer\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (AVM WLAN Connection Service) -- C:\Program Files\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (LVUVC) Logitech Webcam 300(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek) DRV - (Razerlow) -- C:\Windows\System32\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (rt2500usb) DWL-G122(rev.B) -- C:\Windows\System32\drivers\rt2500usb.sys (Ralink Technology Inc.) DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {79572733-0c58-4b94-ac7d-4519df0ff1f0}:3.0 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - prefs.js..network.proxy.backup.ftp: "196.12.184.190" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.gopher: "196.12.184.190" FF - prefs.js..network.proxy.backup.gopher_port: 3128 FF - prefs.js..network.proxy.backup.socks: "196.12.184.190" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "196.12.184.190" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "196.12.184.190" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "196.12.184.190" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "196.12.184.190" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "196.12.184.190" FF - prefs.js..network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.20 17:18:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.20 17:18:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.21 23:59:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.07.09 00:01:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions [2010.07.09 00:01:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.09.01 13:15:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions [2010.04.27 19:11:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.28 16:10:30 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2010.06.11 20:14:59 | 000,000,000 | ---D | M] (Bibleserver.com Suchleiste) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{79572733-0c58-4b94-ac7d-4519df0ff1f0} [2010.08.28 21:06:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.07.27 21:36:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.19 12:20:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.29 23:14:00 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.04.09 18:49:52 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.01.22 23:36:33 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2009.10.24 21:36:01 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\m4wyro04.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb} [2010.05.16 11:09:53 | 000,001,555 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\FireFox\Profiles\m4wyro04.default\searchplugins\neues-leben.xml [2010.09.01 13:15:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.04.24 16:22:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.07.05 18:42:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.24 12:22:58 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.01.15 13:10:57 | 000,000,831 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 http:\\www.pornomovies.com O1 - Hosts: 127.0.0.1 http:\\www.redtube.com O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab (Windows Live OneCare safety scanner control) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/Driver...aSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.02.09 14:03:36 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2007.10.11 18:19:29 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007.10.12 13:47:53 | 000,745,472 | R--- | M] () - F:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2007.10.12 13:43:46 | 000,015,086 | R--- | M] () - F:\Autorun.ico -- [ UDF ] O33 - MountPoints2\{70932568-7536-11de-872c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{70932568-7536-11de-872c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\EE2AutoRun.exe -- [2005.03.08 11:30:36 | 000,864,256 | R--- | M] (Mad Doc Software) O33 - MountPoints2\{70932569-7536-11de-872c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{70932569-7536-11de-872c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2007.10.12 13:47:53 | 000,745,472 | R--- | M] () O33 - MountPoints2\{b12a612d-c65d-11de-bfb7-0019dbc0752f}\Shell - "" = AutoRun O33 - MountPoints2\{b12a612d-c65d-11de-bfb7-0019dbc0752f}\Shell\AutoRun\command - "" = J:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.02 09:29:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2010.09.01 13:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam Toolbar [2010.08.22 21:53:07 | 000,000,000 | ---D | C] -- C:\Windows\de [2010.08.22 21:46:56 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Windows Live [2010.08.20 17:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.08.19 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\sixteen tons entertainment [2010.08.19 15:47:04 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\poisonville [2010.08.14 12:11:46 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\No23 Recorder [2010.08.12 19:19:12 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Local\Chat Republic Games [2010.08.12 19:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Chat Republic Games [2010.08.12 12:25:31 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.08.12 12:18:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.08.12 12:18:22 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.08.12 12:18:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2010.08.12 12:18:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.08.12 12:18:21 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2010.08.12 12:18:21 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.08.12 12:18:21 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.08.12 12:18:21 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2010.08.12 12:18:21 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.08.12 12:18:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2010.08.12 12:18:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2010.08.12 12:18:21 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2010.08.12 12:18:21 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010.08.12 12:18:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.08.12 12:18:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2010.08.12 12:18:20 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2010.08.12 12:17:20 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.08.12 12:17:20 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.08.12 12:17:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2010.08.10 19:44:38 | 000,049,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sirenacm.dll [2010.08.10 19:39:02 | 000,297,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts [2010.08.07 19:10:49 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Octoshape [2010.08.06 00:20:58 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\Desktop\ZZZZ [2010.08.06 00:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\phase5 [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Besitzer\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Besitzer\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Besitzer\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Besitzer\AppData\Local\bass.dll ========== Files - Modified Within 30 Days ========== [2010.09.02 09:33:03 | 005,767,168 | -HS- | M] () -- C:\Users\Besitzer\ntuser.dat [2010.09.02 09:29:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Desktop\OTL.exe [2010.09.02 09:15:05 | 000,000,440 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010.09.02 09:14:59 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.09.02 09:14:48 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.02 09:14:47 | 000,005,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.02 09:14:41 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job [2010.09.02 09:14:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.02 09:14:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.02 07:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.09.01 18:35:28 | 000,066,824 | ---- | M] () -- C:\Users\Besitzer\Desktop\u-bild.php.jpg [2010.09.01 18:28:38 | 000,084,801 | ---- | M] () -- C:\Users\Besitzer\Desktop\z-bild.php.jpg [2010.09.01 14:24:19 | 000,524,288 | -HS- | M] () -- C:\Users\Besitzer\ntuser.dat{d96f4d9e-f20d-11de-9a3b-001f3f0951b3}.TMContainer00000000000000000001.regtrans-ms [2010.09.01 14:24:19 | 000,065,536 | -HS- | M] () -- C:\Users\Besitzer\ntuser.dat{d96f4d9e-f20d-11de-9a3b-001f3f0951b3}.TM.blf [2010.09.01 14:24:15 | 002,121,524 | -H-- | M] () -- C:\Users\Besitzer\AppData\Local\IconCache.db [2010.09.01 14:07:05 | 000,001,591 | ---- | M] () -- C:\Users\Besitzer\Desktop\Vid beschreibung.rtf [2010.09.01 13:40:41 | 029,015,172 | ---- | M] () -- C:\Users\Besitzer\Desktop\Die lange Reise....wmv [2010.09.01 13:21:25 | 175,286,098 | ---- | M] () -- C:\Users\Besitzer\Desktop\clip0017.avi [2010.09.01 13:04:21 | 002,575,488 | ---- | M] () -- C:\Users\Besitzer\Desktop\HC2Setup.exe [2010.09.01 11:39:53 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.09.01 11:39:53 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.09.01 11:39:53 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.09.01 11:39:53 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.09.01 11:39:53 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.30 21:22:43 | 000,000,764 | ---- | M] () -- C:\Users\Besitzer\Desktop\CCleaner.lnk [2010.08.27 18:00:31 | 002,716,348 | ---- | M] () -- C:\Users\Besitzer\Documents\Die Botox Boys.mp3 [2010.08.27 17:58:25 | 003,350,810 | ---- | M] () -- C:\Users\Besitzer\Documents\Bianca - Israel, Israel - warum gibt es keinen Frieden.mp3 [2010.08.27 00:30:10 | 001,040,851 | ---- | M] () -- C:\Users\Besitzer\Desktop\Foto1299.jpg [2010.08.27 00:28:11 | 001,132,435 | ---- | M] () -- C:\Users\Besitzer\Desktop\IMG_0021.JPG [2010.08.26 13:34:26 | 000,005,241 | ---- | M] () -- C:\Users\Besitzer\Desktop\a.rtf [2010.08.24 22:41:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs [2010.08.24 21:30:09 | 000,001,520 | ---- | M] () -- C:\Users\Besitzer\.recently-used.xbel [2010.08.23 11:51:15 | 002,194,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.22 23:50:14 | 000,059,992 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.21 20:57:45 | 000,000,415 | ---- | M] () -- C:\Users\Besitzer\Desktop\laari.rtf [2010.08.20 21:26:53 | 000,011,519 | ---- | M] () -- C:\Users\Besitzer\Documents\Zj bibel.odt [2010.08.20 12:38:55 | 000,000,709 | ---- | M] () -- C:\Users\Public\Desktop\Emergency4 spielen.lnk [2010.08.19 19:32:47 | 000,001,730 | -H-- | M] () -- C:\Users\Besitzer\Documents\Default.rdp [2010.08.16 20:06:07 | 000,001,476 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\RecConfig.xml [2010.08.14 12:11:48 | 000,000,814 | ---- | M] () -- C:\Users\Besitzer\Desktop\No23 Recorder.lnk [2010.08.10 19:44:38 | 000,049,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sirenacm.dll [2010.08.10 19:39:02 | 000,297,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts [2010.08.08 17:17:01 | 000,020,480 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.07 22:24:34 | 492,358,537 | ---- | M] () -- C:\Users\Besitzer\Desktop\Baptize us in the holy Spirit.wmv [2010.08.04 22:30:27 | 003,874,095 | ---- | M] () -- C:\Users\Besitzer\Desktop\Wie komme ich zu Gott ..mp3 ========== Files Created - No Company Name ========== [2010.09.01 18:32:12 | 000,066,824 | ---- | C] () -- C:\Users\Besitzer\Desktop\u-bild.php.jpg [2010.09.01 18:28:38 | 000,084,801 | ---- | C] () -- C:\Users\Besitzer\Desktop\z-bild.php.jpg [2010.09.01 13:38:15 | 000,001,591 | ---- | C] () -- C:\Users\Besitzer\Desktop\Vid beschreibung.rtf [2010.09.01 13:38:03 | 029,015,172 | ---- | C] () -- C:\Users\Besitzer\Desktop\Die lange Reise....wmv [2010.09.01 13:17:12 | 175,286,098 | ---- | C] () -- C:\Users\Besitzer\Desktop\clip0017.avi [2010.09.01 13:04:14 | 002,575,488 | ---- | C] () -- C:\Users\Besitzer\Desktop\HC2Setup.exe [2010.08.27 17:58:28 | 002,716,348 | ---- | C] () -- C:\Users\Besitzer\Documents\Die Botox Boys.mp3 [2010.08.27 17:57:00 | 003,350,810 | ---- | C] () -- C:\Users\Besitzer\Documents\Bianca - Israel, Israel - warum gibt es keinen Frieden.mp3 [2010.08.27 00:29:14 | 001,040,851 | ---- | C] () -- C:\Users\Besitzer\Desktop\Foto1299.jpg [2010.08.27 00:27:09 | 001,132,435 | ---- | C] () -- C:\Users\Besitzer\Desktop\IMG_0021.JPG [2010.08.26 13:34:20 | 000,005,241 | ---- | C] () -- C:\Users\Besitzer\Desktop\a.rtf [2010.08.24 21:30:09 | 000,001,520 | ---- | C] () -- C:\Users\Besitzer\.recently-used.xbel [2010.08.20 21:26:51 | 000,011,519 | ---- | C] () -- C:\Users\Besitzer\Documents\Zj bibel.odt [2010.08.20 12:38:55 | 000,000,709 | ---- | C] () -- C:\Users\Public\Desktop\Emergency4 spielen.lnk [2010.08.19 19:03:36 | 000,001,730 | -H-- | C] () -- C:\Users\Besitzer\Documents\Default.rdp [2010.08.14 12:23:06 | 000,001,476 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\RecConfig.xml [2010.08.14 12:11:48 | 000,000,814 | ---- | C] () -- C:\Users\Besitzer\Desktop\No23 Recorder.lnk [2010.08.10 17:45:23 | 000,000,415 | ---- | C] () -- C:\Users\Besitzer\Desktop\laari.rtf [2010.08.07 22:07:01 | 492,358,537 | ---- | C] () -- C:\Users\Besitzer\Desktop\Baptize us in the holy Spirit.wmv [2010.08.04 22:27:30 | 003,874,095 | ---- | C] () -- C:\Users\Besitzer\Desktop\Wie komme ich zu Gott ..mp3 [2010.07.14 22:03:56 | 000,000,000 | ---- | C] () -- C:\Windows\KeyScript.ini [2010.07.12 17:32:08 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI [2010.07.07 14:44:30 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.07.07 14:44:20 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.07.05 20:03:25 | 000,000,025 | ---- | C] () -- C:\Windows\l303836.ini [2010.07.05 19:49:44 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [2010.07.05 19:49:44 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll [2010.06.15 14:37:47 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.05.14 21:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2010.03.31 20:44:39 | 000,000,552 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d8caps.dat [2009.11.25 22:01:04 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2009.09.20 12:22:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009.09.20 12:03:02 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini [2009.09.15 20:12:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.04 20:16:15 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2009.08.04 20:16:15 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2009.08.04 19:55:45 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll [2009.08.01 12:48:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.24 16:49:35 | 000,020,480 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.20 16:14:04 | 000,000,680 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat [2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\lame_enc.dll [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\no23xwrapper.dll [1997.06.14 11:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2009.08.28 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Acreon [2009.08.03 17:29:40 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Auslogics [2010.06.15 10:06:13 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\avidemux [2009.09.20 16:56:54 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\EPSON [2009.07.23 14:33:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Foxit [2010.02.24 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Foxit Software [2009.10.31 23:44:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FRITZ! [2010.08.24 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\gtk-2.0 [2010.09.01 17:31:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ [2010.03.30 22:00:50 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ImgBurn [2009.10.01 11:38:30 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\JonDo [2010.06.15 16:52:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leadertech [2010.06.15 14:37:50 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Leawo [2010.04.17 18:27:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\LG Electronics [2010.03.11 15:02:50 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Lingo4u [2009.08.29 11:24:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\MobMapUpdater [2010.08.07 19:10:49 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Octoshape [2009.09.19 18:23:56 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org [2010.07.17 22:13:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\PhotoScape [2009.08.10 15:58:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ProtectDisc [2009.11.01 15:11:07 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\RapidSolution [2010.03.20 22:15:51 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Screaming Bee [2010.07.30 19:01:17 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\SecondLife [2010.03.15 14:13:14 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sierra [2009.11.01 17:03:59 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\soul.im [2009.12.04 22:04:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TeamViewer [2010.03.31 20:47:42 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TerraTec [2009.11.30 14:57:43 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly [2010.07.09 00:01:41 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Thunderbird [2010.06.26 20:04:48 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client [2009.10.24 21:15:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TuneUp Software [2009.12.24 21:25:43 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft [2009.10.07 14:17:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\uTorrent [2010.07.25 01:49:16 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\VDownloader [2009.09.08 19:19:09 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Webocton - Scriptly [2010.02.12 20:30:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinBatch [2009.10.14 17:07:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\yess [2010.09.02 09:14:41 | 000,000,296 | ---- | M] () -- C:\Windows\Tasks\Defraggler Volume C Task.job [2010.09.01 14:24:22 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Desktop\V130610_22.40.flv:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Desktop\Sound.flv:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Desktop\clip0017.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Desktop\clip0012.avi:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Besitzer\Desktop\Allah hatte keinen Sohn XXL Lüge Islam.flv:TOC.WMV @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:13199560 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > Und die Extras: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.09.2010 09:31:18 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Besitzer\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): c:\pagefile.sys 4500 9000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 78,96 Gb Free Space | 26,49% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 647,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 2,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BESITZER-PC Current User Name: Besitzer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AntiVirusDisableNotify" = 0 "AntiSpyWareDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12F28EB1-C99B-42D6-92B0-60E8BAF4FF60}" = rport=2869 | protocol=6 | dir=out | app=system | "{1A1B8180-6C23-4B4E-8F48-FC1A3675CD10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4F6255CC-8359-411A-BD43-93BDECE890EE}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{60BEA1A3-96FA-4670-B570-55DFA50CACE4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6CF361A1-1852-4585-A474-57EFCAC6FD25}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{744EF063-EBE9-47FB-BBEA-A0B803178F7B}" = lport=2869 | protocol=6 | dir=in | app=system | "{8D0368C6-9565-45AB-B808-712880D70368}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B7005CF8-3ABB-4A11-9929-05D924CFB18C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B72F0E5A-7494-4674-8EDC-465029D4AE25}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DADED52B-DB41-479F-A76D-3519B1AED9BA}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3A2DB7F8-FAF1-4C2B-AE91-5B017FB80809}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{5BA32649-4412-4821-97FA-D9E7825BB6B8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{92CC72E0-1E26-4EF6-AA0E-9E809F87D8C5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{A185D28F-A105-46D7-A1BA-8B1C4D615F65}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{1610205C-B0BA-4948-BFEF-70647A5B8E82}C:\users\besitzer\desktop\miniwebserver.exe" = protocol=6 | dir=in | app=c:\users\besitzer\desktop\miniwebserver.exe | "TCP Query User{209BD6CC-933C-4136-9024-DA805BBDF46E}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "TCP Query User{318A307F-9A40-49EA-915B-FDDEF591A882}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{6988DF92-7419-441F-81E6-DA7A8A4F76CA}C:\users\besitzer\appdata\local\temp\tz_exec.tmp130\miniwebserver.exe" = protocol=6 | dir=in | app=c:\users\besitzer\appdata\local\temp\tz_exec.tmp130\miniwebserver.exe | "TCP Query User{9D6ADCFB-C535-4EF0-BA82-79AA3FB42C07}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{B3C042A9-AEC0-41B8-9C0F-48C372C4EEB5}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{EE05FF57-9E29-4AC8-9989-5E1417E1FA06}C:\program files\sierra\empire earth ii\ee2.exe" = protocol=6 | dir=in | app=c:\program files\sierra\empire earth ii\ee2.exe | "UDP Query User{10E92E85-90EE-4EFD-98D1-4919029CCD77}C:\program files\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "UDP Query User{392E9903-EB53-425D-9EE6-5D0D905C9689}C:\program files\sierra\empire earth ii\ee2.exe" = protocol=17 | dir=in | app=c:\program files\sierra\empire earth ii\ee2.exe | "UDP Query User{73C8CD9F-908C-4DA7-8CFB-5DDF23515FE2}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "UDP Query User{ABE321C0-D515-4FD4-8557-FDEB79E85391}C:\users\besitzer\appdata\local\temp\tz_exec.tmp130\miniwebserver.exe" = protocol=17 | dir=in | app=c:\users\besitzer\appdata\local\temp\tz_exec.tmp130\miniwebserver.exe | "UDP Query User{C1320C47-0EBB-4FDE-8EB7-E3B2EEE7FED2}C:\users\besitzer\desktop\miniwebserver.exe" = protocol=17 | dir=in | app=c:\users\besitzer\desktop\miniwebserver.exe | "UDP Query User{D22F0BCC-E175-4790-883C-DEA8AE311910}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "UDP Query User{E7AE4071-6537-4DF3-936D-6D5787FFD3B9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00450E05-6F4C-42E5-9598-02CF18378FEA}" = Windows Live ID Sign-in Assistant "{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0A902DF4-B767-49DB-98D3-D413E6F1E703}" = World of Subways Vol.2 "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{19DD26A7-F0DD-472E-887F-44128C31163C}" = Windows Live Messenger "{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20 "{29C042AB-059B-414C-840E-94775E3F24A8}" = Personality Voices "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{3274D32D-3DA2-4AB9-9BD0-B4EDC6E03B7F}" = Windows Live Essentials-Betaversion "{380B7FE0-32A3-439A-B65C-B4ED55CADBF4}" = Windows Live Fotogalerie-Betaversion "{3932CA01-E514-48A1-8D2D-B9DA712C58B5}" = Windows Live Writer "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{41A15ABD-081B-43DC-91A5-8727265E8D77}" = Windows Live Photo Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E89C074-29D6-4756-B820-A95F5E15B33A}" = Windows Live MIME IFilter "{4F88F5D8-767A-4EB4-9AFA-A7CBCC69D767}" = Windows Live SOXE "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{52CDDA92-56B6-4BA5-BD8D-E13B186008CB}" = D3DX10 "{54488589-76BC-4A3F-AC4F-71EBAD657850}" = Windows Live Communications Platform "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59A614F6-27DE-4F65-A173-554A26DA2DEE}" = Female Voice Pack "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2 "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5EE59813-493A-4C10-A2BF-3647670CD7D6}" = Windows Live UX Platform Language Pack "{5F7E148E-08DD-42F7-AEB4-569F21E25F3A}" = MAGIX Music Editor 3 Free "{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™ "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{66069562-D3AF-4515-B1FD-7EE4DE5CE7D2}" = Windows Live PIMT Platform "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6E637484-7ED6-4AA5-BEDC-FD821F64D372}_is1" = Moyea Video4Web Converter Version 2.5.0.0 "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E432D8D-D78A-44A8-9FE8-B8942F7FD01F}" = Windows Live UX Platform "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{91973772-A002-446D-8A67-B410553AD8F9}" = Windows Live SOXE Definitions "{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{95A4E899-87EF-43C7-99E3-9ED5342FBF12}" = Windows Live Movie Maker "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9D6FAA1A-D87C-4F3E-B6C0-2646DC238CCF}" = Windows Live Mail "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{A401975C-C1C5-4ECB-BC18-BFD9F8F401B7}" = Paint.NET v3.5.3 "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.9.462 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{ADFCF98D-9CB4-414F-B2F0-AF96E0302A3C}" = Windows Live Photo Common-Betaversion "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C0A30BAA-295D-4F7F-8776-FD09FD57E2E2}" = Windows Live Installer "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C7A6AD68-9152-482B-9769-6E08231F0BD7}" = Windows Live Messenger "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CED9B1E8-FFCB-4497-9DFC-F0B20146896E}" = Windows Live Mail "{CF092689-6ADF-4C86-A8DA-31B0B448A36C}" = Junk Mail filter update "{D1F6BB2F-E9A4-4233-BA03-BB62E8AED82A}" = Star Wars Jedi Knight Jedi Academy Demo "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D75608C0-FBE2-4A0D-9A7A-871F08305949}" = Windows Live Writer Resources "{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2 "{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EE7F36D6-F67D-486A-A9D5-01DE1B6F6933}" = Windows Live Movie Maker "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F1191B7E-84BF-4325-9FFD-80BD8996ED4B}" = MorphVOX Junior "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FCE7CF00-581E-4B9B-8794-24A196BBFBC0}" = Windows Live Photo Gallery "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4StoryDE_is1" = 4Story 3.3 "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires 2.0" = Microsoft Age of Empires II "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "CCleaner" = CCleaner "Cheat Engine 5.5_is1" = Cheat Engine 5.5 "CrystalDiskInfo_is1" = CrystalDiskInfo 2.7.4 "Defraggler" = Defraggler "Drakensang_is1" = Drakensang "Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit "EPSON Scanner" = EPSON Scan "EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch "EPSON SX100 Series" = Druckerdeinstallation für EPSON SX100 Series "Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt "Foxit Creator" = Foxit Creator "Foxit PDF Editor" = Foxit PDF Editor "Foxit Reader" = Foxit Reader "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Free YouTube Uploader_is1" = Free YouTube Uploader version 3.2 "Game Cam XPress" = Game Cam XPress 2.5.0 "HijackThis" = HijackThis 2.0.2 "HyperCam 2" = HyperCam 2 "HyperCam Toolbar" = HyperCam Toolbar "Icy Tower v1.4_is1" = Icy Tower v1.4 "ImgBurn" = ImgBurn "KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Basic) "LingoPad_is1" = LingoPad 2.5.1 (Build 325) "lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MobMap_is1" = MobMap 3.43 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2) "Music_Editor_3_silver" = MAGIX Music Editor 3 Free "NVIDIA Drivers" = NVIDIA Drivers "PhotoScape" = PhotoScape "PhotoStitch" = Canon Utilities PhotoStitch "Picasa 3" = Picasa 3 "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "Secunia PSI" = Secunia PSI "Steam App 10620" = Empire: Total War Demo "Steam App 211" = Source SDK "Steam App 340" = Half-Life 2: Lost Coast "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TUGZip_is1" = TUGZip 3.5 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.0 "Warcraft III" = Warcraft III "Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.2 "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite" = Windows Live Essentials-Betaversion "Winload Toolbar" = Winload Toolbar "Wisdom-soft AutoScreenRecorder 3.0 Free" = Wisdom-soft AutoScreenRecorder 3.0 Free "World of Warcraft" = World of Warcraft "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "2a4f70b48f669acd" = AA3Deploy "Octoshape Streaming Services" = Octoshape Streaming Services ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 28.08.2010 07:21:25 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 28.08.2010 14:28:27 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 29.08.2010 09:01:27 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 29.08.2010 14:38:22 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 29.08.2010 16:53:46 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 30.08.2010 02:33:59 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 30.08.2010 07:45:01 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 30.08.2010 13:00:02 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 30.08.2010 15:05:00 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = Error - 31.08.2010 01:01:24 | Computer Name = Besitzer-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 02.09.2010 01:31:28 | Computer Name = Besitzer-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 02.09.2010 03:14:38 | Computer Name = Besitzer-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 02.09.2010 um 07:33:30 unerwartet heruntergefahren. Error - 02.09.2010 03:14:24 | Computer Name = Besitzer-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 02.09.2010 03:15:31 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7000 Description = Error - 02.09.2010 03:15:31 | Computer Name = Besitzer-PC | Source = Service Control Manager | ID = 7026 Description = Error - 02.09.2010 03:17:23 | Computer Name = Besitzer-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 02.09.2010 03:21:32 | Computer Name = Besitzer-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 02.09.2010 03:22:57 | Computer Name = Besitzer-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 02.09.2010 03:30:30 | Computer Name = Besitzer-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. Error - 02.09.2010 03:32:17 | Computer Name = Besitzer-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden. < End of report > //Edit Pornomovies? Utorrent? What the????
__________________ Credo in Deum, Patrem omnipotentem, Creatorem caeli et terrae. Geändert von Shadow09 (02.09.2010 um 08:41 Uhr) Grund: Logs nachgeliefert |
02.09.2010, 10:29 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer hängt und startet neu. Meldung: Fehler bei den SicherheitsoptionenZitat:
__________________ |
Themen zu Computer hängt und startet neu. Meldung: Fehler bei den Sicherheitsoptionen |
7-zip, absturz, adblock, alternate, appdata, ask.com, audacity, avgntflt.sys, avira, bericht, besitzer, bildschirm, bluescree, bluescreen, canon, code, components, computer, computer hängt, conduit, corp./icp, crystaldiskinfo, einstellung, fehler, firefox.exe, folge, fund, home premium, hängt, install.exe, keine rückmeldung, klicke, local\temp, location, meldung, mozilla thunderbird, neu, nvlddmkm.sys, nvstor.sys, oldtimer, otl.exe, picasa, plug-in, problem, programdata, programme, roaming, rückmeldung, saver, sched.exe, searchplugins, secunia psi, services, shell32.dll, sicherheitsoptionen, skype.exe, startet, tower, updates, vista, vlc media player, warum, winload toolbar |