Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: System wurde gesperrt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 05.01.2012, 22:10   #1
schniggels
 
System wurde gesperrt - Standard

System wurde gesperrt



Guten Abend.
Ich habe mir einen Virus/Trojaner eingefangen, benötige eure Hilfe!!
Besprochen habt iher das ganze ja schon aber ich wollte meine Log-Datei mal posten. Nun das übliche: War im Internet, plötzlich wurde mein Bildschirm schwarz mit dem Hinweiss "Ihr System wurde gesperrt...... Bitte bezahlen Sie....". Nur finde ich in meinem System rein gar nichts was mir weiter hilft. Liegt wahrscheinlich auch daran, dass ich kein PC-Experte bin.
Habe nun den OTL scan gemacht und hoffe das mir einer sagen kann was zu machen ist.

Ah..da fällt mir ein, dass ich den Rechner im abgesicherten Modus hoch gefahren habe um eine Systemrückstellung zu machen. Seitdem kann ich wieder ins Netz aber die Ursache wird ja noch da sein.

Vielen Dank schon mal im Vorraus.

Hier das OTL.Txt

OTL logfile created on: 05.01.2012 21:21:55 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\XXXXXX\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,94 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 44,68% Memory free
4,12 Gb Paging File | 2,79 Gb Available in Paging File | 67,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 63,54 Gb Free Space | 42,63% Space Free | Partition Type: NTFS

Computer Name: XXXXX | User Name: XXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\XXXXX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\lxbkcoms.exe ( )
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\Nero\Lib\log4cxx.dll ()
MOD - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbk_device) -- C:\Windows\System32\lxbkcoms.exe ( )
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-590521242-1415568427-4071292364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-590521242-1415568427-4071292364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-590521242-1415568427-4071292364-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-590521242-1415568427-4071292364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.67
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.13 13:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 07:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.20 17:39:49 | 000,000,000 | ---D | M]

[2009.10.13 08:57:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Extensions
[2011.12.13 16:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\ovkec7qa.default\extensions
[2011.11.15 14:22:48 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\ovkec7qa.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.09.04 14:12:32 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\ovkec7qa.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}(109)
[2011.07.30 14:22:46 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\ovkec7qa.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.11.11 17:05:42 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\ovkec7qa.default\extensions\toolbar@ask.com
[2011.11.13 13:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.19 19:15:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\XXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OVKEC7QA.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\XXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OVKEC7QA.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-590521242-1415568427-4071292364-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Programme\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-590521242-1415568427-4071292364-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-590521242-1415568427-4071292364-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-590521242-1415568427-4071292364-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-590521242-1415568427-4071292364-1000..\Run: [Tabwin] C:\Users\Nieskes\AppData\Roaming\Atlmod\padtxt.exe File not found
O4 - HKU\S-1-5-21-590521242-1415568427-4071292364-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-590521242-1415568427-4071292364-1007..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{299170F6-F890-47AE-B511-D3BF5308DA37}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DD60C5B-D640-488A-9FD0-C64CCF22E51C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Bilder\Skifahrt 2011\BILD0410.JPG
O24 - Desktop BackupWallPaper: C:\Bilder\Skifahrt 2011\BILD0410.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d1ffec0d-1775-11e1-83a8-001d92291ddd}\Shell - "" = AutoRun
O33 - MountPoints2\{d1ffec0d-1775-11e1-83a8-001d92291ddd}\Shell\AutoRun\command - "" = E:\Draussen_aktiv.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.12.16 14:20:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.16 14:20:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.16 14:20:28 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.16 14:20:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.16 14:20:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.16 14:20:24 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.15 14:44:46 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.15 14:44:46 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.15 14:44:45 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.15 14:44:44 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.15 14:44:41 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.15 14:44:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2007.04.26 13:01:48 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2007.04.26 13:01:46 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2007.04.26 13:01:44 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2006.11.06 18:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2006.11.06 18:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2006.11.06 18:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2006.11.06 18:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2006.11.06 18:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2006.11.06 18:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2006.11.06 18:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2006.11.06 18:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2006.11.06 18:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2006.11.06 18:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2006.11.06 18:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.05 21:09:48 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.05 21:09:40 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 21:09:40 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 21:09:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.04 00:20:26 | 000,001,356 | ---- | M] () -- C:\Users\XXXXX\AppData\Local\d3d9caps.dat
[2012.01.02 13:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.02 13:24:07 | 000,002,637 | ---- | M] () -- C:\Users\XXXXX\Alles\Desktop\Word 2007.lnk
[2011.12.27 22:21:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.12.22 17:53:20 | 000,642,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.22 17:53:20 | 000,607,030 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.22 17:53:20 | 000,131,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.22 17:53:20 | 000,108,406 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.18 12:57:24 | 000,374,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.14 11:15:07 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\FlashPeak SlimBrowser.lnk
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.04 00:22:34 | 000,001,157 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.07.25 13:18:38 | 000,001,356 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\d3d9caps.dat
[2009.08.19 15:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.19 15:20:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.05 02:11:32 | 000,004,096 | -H-- | C] () -- C:\Users\XXXXX\AppData\Local\keyfile3.drm
[2009.03.28 21:01:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.03.28 20:33:47 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.12.23 14:13:42 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2008.12.22 22:06:36 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008.12.22 21:55:35 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.12.22 21:55:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.12.22 21:52:11 | 000,000,778 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008.12.22 21:52:11 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008.12.22 21:52:11 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2008.12.22 21:48:04 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.11.26 19:35:13 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.07.26 10:29:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.05.30 18:50:48 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.05.30 18:43:37 | 000,087,312 | ---- | C] () -- C:\Windows\mws.exe
[2008.03.29 00:45:24 | 000,000,095 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\fusioncache.dat
[2008.01.08 20:36:43 | 000,105,472 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.31 15:38:29 | 000,023,888 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\UserTile.png
[2007.12.29 17:33:54 | 000,000,702 | ---- | C] () -- C:\Windows\lexstat.ini
[2007.12.29 17:08:06 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.02.07 18:57:50 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007.01.22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbkcoin.dll
[2006.11.30 15:34:24 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2006.11.02 16:33:31 | 000,642,020 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,131,472 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,374,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,607,030 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,406 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.05 14:19:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2005.09.13 17:27:10 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbkcnv5.dll

========== LOP Check ==========

[2011.01.28 01:00:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Atlmod
[2011.01.27 12:14:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Azureus
[2011.01.27 12:14:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InterVideo
[2011.10.11 16:56:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\LG Electronics
[2011.01.27 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NetSpeedMonitor
[2011.11.06 11:36:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2011.01.27 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC-FAX TX
[2011.01.27 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PCFix
[2007.12.31 15:38:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2011.01.27 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QlikTech
[2011.01.27 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Samsung
[2011.01.27 12:16:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SlimBrowser
[2011.01.27 12:16:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UseNeXT
[2011.10.11 16:56:01 | 000,000,000 | -H-D | M] -- C:\Users\Admin\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2008.11.06 20:10:55 | 000,000,000 | ---D | M] -- C:\Users\Alle Benutzer.Nieskes-PC\AppData\Roaming\SlimBrowser
[2011.05.09 18:06:59 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\ICQ
[2011.10.11 16:59:29 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\LG Electronics
[2011.10.11 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\LGInternetKit
[2011.11.19 15:24:16 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\PC Suite
[2011.09.04 15:54:03 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\SlimBrowser
[2011.01.27 23:43:08 | 000,000,000 | ---D | M] -- C:\Users\Nieskes\AppData\Roaming\Atlmod
[2011.12.09 21:27:09 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Azureus
[2011.04.24 20:42:47 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Ihwyz
[2008.05.30 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\InterVideo
[2011.01.25 22:36:51 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\NetSpeedMonitor
[2011.10.19 18:25:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Nokia
[2011.10.19 18:25:57 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Nokia Ovi Suite
[2011.11.20 19:54:31 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Nokia Suite
[2011.02.06 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\PC Suite
[2008.12.22 22:43:10 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\PC-FAX TX
[2011.01.27 11:41:25 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\PCFix
[2007.12.31 15:38:29 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\PeerNetworking
[2011.05.03 07:35:43 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Pyyqxo
[2010.10.21 11:36:08 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\QlikTech
[2011.10.11 20:00:10 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\QuickScan
[2011.02.02 16:29:05 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Reviversoft
[2011.03.02 12:08:11 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\RibbonSoft
[2011.02.10 11:19:55 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Samsung
[2012.01.03 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\SlimBrowser
[2011.02.19 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\TeamViewer
[2011.01.31 15:32:15 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\TuneUp Software
[2008.03.29 00:59:33 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\UseNeXT
[2012.01.04 00:30:12 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Hier das Extra.Txt

OTL Extras logfile created on: 05.01.2012 21:21:55 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nieskes\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,94 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 44,68% Memory free
4,12 Gb Paging File | 2,79 Gb Available in Paging File | 67,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 63,54 Gb Free Space | 42,63% Space Free | Partition Type: NTFS

Computer Name: XXXXX | User Name: XXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = SlimBrowserHtml] -- "C:\Program Files\SlimBrowser\sbrowser.exe" -nosp -ni

[HKEY_USERS\S-1-5-21-590521242-1415568427-4071292364-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\SlimBrowser\sbrowser.exe" -nosp -ni
https [open] -- "C:\Program Files\SlimBrowser\sbrowser.exe" -nosp -ni
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{312652EA-F77F-4310-9395-AD2B11530090}" = lport=50889 | protocol=17 | dir=in | name=vuze udp |
"{74240EA8-F285-4763-92B7-D4F3A27A6CAF}" = lport=5001 | protocol=6 | dir=in | name=mlab |
"{AEE22E3B-F748-460F-9D8D-687C05CBB8F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D9AE9BC5-7B93-4EE8-B51E-6A2A5E92BB2C}" = lport=50888 | protocol=6 | dir=in | name=vuze tcp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3BE3D757-D1DB-45DF-839D-FE10316698E5}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{56EA9E9A-1622-48B6-9FE2-CD305B4A78D6}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{479194FB-1525-495A-92DC-6584D5179FEA}C:\users\katrin\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\users\katrin\appdata\roaming\icq\application\icq7.2\icq.exe |
"TCP Query User{556F0D0E-FA71-4CAB-A8D2-D82B42E3543C}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{58153CCC-63E0-4EB9-8DB3-19D450263DF1}C:\program files\slimbrowser\sbrowser.exe" = protocol=6 | dir=in | app=c:\program files\slimbrowser\sbrowser.exe |
"TCP Query User{777D0274-8E7E-41DB-ABB7-199B30627896}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{88B8F4E4-8B34-488D-BADF-83DBD9731E08}E:\XXXXX\azureus\azureus.exe" = protocol=6 | dir=in | app=e:\XXXXX\azureus\azureus.exe |
"TCP Query User{9FD09326-5780-43C3-A611-18AC5C350B90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B800955D-B51D-4678-BFA2-27FE205BD35C}E:\mirc\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=e:\mirc\gamers.irc\mirc.exe |
"TCP Query User{C3A8288A-61E5-4840-91D3-27B780836CB2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{DF931C3F-8708-44F7-98C4-134E787A5007}C:\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\azureus\azureus.exe |
"UDP Query User{09A5BAE2-16C8-4943-8086-FF090A0E5603}E:\mirc\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=e:\mirc\gamers.irc\mirc.exe |
"UDP Query User{13E5C7AA-C0E4-4F60-8CD8-A0635D1DD649}C:\users\katrin\appdata\roaming\icq\application\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\users\katrin\appdata\roaming\icq\application\icq7.2\icq.exe |
"UDP Query User{16A8865B-7874-4675-9E37-39334AA7D9D0}C:\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\azureus\azureus.exe |
"UDP Query User{17EDAB35-9DB8-4289-9565-9F7695FDB9C5}C:\program files\slimbrowser\sbrowser.exe" = protocol=17 | dir=in | app=c:\program files\slimbrowser\sbrowser.exe |
"UDP Query User{4FCDB055-952F-4135-8783-7E8C083186F5}E:\XXXXX\azureus\azureus.exe" = protocol=17 | dir=in | app=e:\XXXXX\azureus\azureus.exe |
"UDP Query User{701DE553-8571-4D18-BA40-C2680F439727}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{AC1D6096-0AC1-4BBB-AA0F-8C801396923A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{F2B8282F-025F-4C46-8092-B41315E249F2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F91D4FAA-9493-4F70-800C-56096F9C2FBE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B12573C-9C90-4790-BFEE-2BC43C2EB997}" = SmartSync
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{CC1A9319-2DDB-40F6-81B4-5EC6BF3B1CB1}" = Samsung PC Studio 1.0 PIM & File Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1ac566c-847c-49c0-a41c-d4d91d71972e}.sdb" = Prima Games Eguide Database
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8461-7759-5462-8226" = Vuze
"8461-7759-5462-8226-1" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"conduitEngine" = Conduit Engine
"Digital Camera Driver" = Digital Camera Driver
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Galileo Family Quiz - Spezial III" = Galileo Family Quiz - Spezial III
"Gehirnjogging - Der Trainer fürs Gedächtnis..." = Gehirnjogging - Der Trainer fürs Gedächtnis...
"Google Updater" = Google Updater
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Nokia Suite" = Nokia Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SlimBrowser" = FlashPeak SlimBrowser
"UnderCoverXP_is1" = UnderCoverXP 1.19
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.09.2009 04:09:18 | Computer Name = XXXXX | Source = ESENT | ID = 215
Description = WinMail (3760) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.

[ OSession Events ]
Error - 08.05.2009 06:54:26 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.05.2009 06:55:21 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.05.2009 06:55:39 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.05.2009 06:59:10 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.05.2009 06:59:57 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08.05.2009 07:01:56 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23.09.2009 15:21:59 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16.10.2009 03:19:49 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 53
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29.11.2010 19:34:51 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 478
seconds with 420 seconds of active time. This session ended with a crash.

Error - 18.12.2011 10:48:03 | Computer Name = XXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 282
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03.01.2012 18:53:17 | Computer Name = XXXXX | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 18:53:17 | Computer Name = XXXXX | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 18:53:17 | Computer Name = XXXXX | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 18:53:17 | Computer Name = XXXXX | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 19:16:51 | Computer Name = XXXXX | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 19:19:44 | Computer Name = XXXXX | Source = Service Control Manager | ID = 7001
Description =

Error - 03.01.2012 19:23:04 | Computer Name = XXXXX | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 03.01.2012 19:24:00 | Computer Name = XXXXX | Source = Service Control Manager | ID = 7026
Description =

Error - 05.01.2012 16:09:22 | Computer Name = XXXXX | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 05.01.2012 16:10:04 | Computer Name = XXXXX | Source = Service Control Manager | ID = 7026
Description =


< End of report >



Ich hoffe dass das so in Ordnung ist?!?

Alt 06.01.2012, 23:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System wurde gesperrt - Standard

System wurde gesperrt



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 11.01.2012, 09:30   #3
schniggels
 
System wurde gesperrt - Standard

System wurde gesperrt



Hallo Cosinus

Erstmal vielen Dank für die schnelle Antwort. Ich war leider ein paar Tage weg, konnte deshalb noch nicht antworten.
Werde mich aber erst morgen wieder darum kümmern können.

Bis dann
__________________

Antwort

Themen zu System wurde gesperrt
antivir, autorun, avira, avira searchfree toolbar, bho, bildschirm, conduit, desktop, error, excel.exe, firefox, flash player, format, google earth, home, install.exe, internet, launch, log-datei, logfile, microsoft office word, mozilla, netgear, nvidia update, plug-in, prima, realtek, registry, rundll, scan, sched.exe, security, senden, software, staropen, studio, system, usb 2.0, virus/trojaner, vista



Ähnliche Themen: System wurde gesperrt


  1. Ihr Computer wurde durch das system der automatischen Informationskontrolle gesperrt
    Plagegeister aller Art und deren Bekämpfung - 10.10.2012 (13)
  2. Ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (2)
  3. Ihr Computer wurde durch das System der automatischen Informationskontrolle gesperrt
    Log-Analyse und Auswertung - 30.08.2012 (17)
  4. Achtung!Ihr Windows system wurde aus Sicherheitsgründen gesperrt
    Plagegeister aller Art und deren Bekämpfung - 01.03.2012 (8)
  5. Achtung ! Aus Sicherheitsgründen wurde ihr Windows-System gesperrt
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (19)
  6. Ihr Windows System wurde gesperrt...
    Log-Analyse und Auswertung - 17.02.2012 (19)
  7. [2x] ihr system wurde gesperrt /50 euro für dateien zahlen
    Mülltonne - 07.02.2012 (1)
  8. Aus Sicherheitsgründen wurde ihr System gesperrt
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (1)
  9. Aus sicherheitsgründen wurde ihr Windows-System gesperrt!!! :S
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (1)
  10. Achtung: Ihr System wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 09.01.2012 (12)
  11. aus sicherheitsgründen wurde ihr system gesperrt - 50 euro bezahlen
    Plagegeister aller Art und deren Bekämpfung - 07.01.2012 (8)
  12. 50€ Trojaner System wurde gesperrt...
    Log-Analyse und Auswertung - 06.01.2012 (1)
  13. aus sicherheitsgründen wurde ihr system gesperrt - 50 euro bezahlen
    Log-Analyse und Auswertung - 06.01.2012 (17)
  14. Trojaner! System wurde aus Sicherheitsgründen gesperrt.
    Log-Analyse und Auswertung - 04.01.2012 (15)
  15. aus Sicherheitsgründen wurde ihr System gesperrt - 50 Euro bezahlen...
    Alles rund um Windows - 02.01.2012 (2)
  16. Aus Sicherheitsgründen wurde ihr System gesperrt
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (1)
  17. Ihr system wurde gesperrt...
    Log-Analyse und Auswertung - 05.12.2011 (6)

Zum Thema System wurde gesperrt - Guten Abend. Ich habe mir einen Virus/Trojaner eingefangen, benötige eure Hilfe!! Besprochen habt iher das ganze ja schon aber ich wollte meine Log-Datei mal posten. Nun das übliche: War im - System wurde gesperrt...
Archiv
Du betrachtest: System wurde gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.