
Pests of all kinds and how to combat them: Attention! For security reasons your Windows system has been blocked

17.12.2011, 17:18   #1
JamesP

Hello,

I have the same problem as many others here. So: black screen, Task Manager doesn't work, etc.; you surely know what I mean. I read through a few threads here and wanted to try it out. Problem: my safe mode doesn't start; it stops going any further / stops working at Loaded \windows\system32\drivers\crcdisk.sys

Hoping for quick help

Regards

17.12.2011, 17:44   #2
markusg
/// Malware-holic

Hi, did you choose Safe Mode with Networking?

17.12.2011, 17:47   #3
JamesP

No, just the normal one ..

17.12.2011, 18:00   #4
markusg
/// Malware-holic

What happens when you choose Safe Mode with Networking, does it start?
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

17.12.2011, 18:02   #5
JamesP

No, that doesn't work either .. I checked on the PC I'm writing from how long it takes until safe mode starts, and it doesn't really take long .. on mine, as I said, it just doesn't go any further..


17.12.2011, 18:06   #6
markusg
/// Malware-holic

OK, no big deal.
Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD:

If you don't have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.

Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and with a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the windows of the burning program.
Now boot from the OTLPE CD. Note: How do I boot from CD

Illustrated guide: OTLpe scan
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: So that OTLPE scans the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: produces an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy this file to your USB stick if you have no Internet connection on this system.
  • Please post the contents of C:\OTL.txt and Extras.txt.
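An added example (not part of the thread, and not OTL's or the helper's own method): a first-pass triage, run on the clean second computer, of the PRC/MOD/SRV/DRV lines of an OTL.txt, using the line format visible in the log posted in this thread. The scoring heuristics, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Line format as it appears in the OTL log in this thread, e.g.
#   PRC - [date time | size | attrs | M] (Company) -- C:\path\file.exe
#   SRV - [...] (Company) [Auto | Running] -- C:\path\svc.exe -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[[\d.]+ [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| \w\] "
    r"\((?P<company>.*?)\) "            # lazy: company names may contain ')'
    r"(?:\[(?P<state>[^\]]+)\] )?"      # only SRV/DRV carry a start/state block
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<service>[^)]*)\).*)?$"
)
# Service or driver that is still registered although its file is gone.
ORPHAN_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[[^\]]+\] -- .*? -- \((?P<service>[^)]*)\)"
)
# Assumed heuristic: locations a standard user can usually write to.
USER_WRITABLE_RE = re.compile(
    r"\\(users\\[^\\]+\\appdata|documents and settings|temp|programdata)\\", re.I
)
AUTOSTART = {"Auto", "Boot", "System"}


class Finding(NamedTuple):
    severity: int
    kind: str
    target: str
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Score one log line; None means nothing noteworthy (or not an entry)."""
    line = line.strip()
    m = ORPHAN_RE.match(line)
    if m:
        return Finding(1, m["kind"], m["service"], "registered but file not found")
    m = ENTRY_RE.match(line)
    if not m:
        return None
    tokens = {t.strip() for t in (m["state"] or "").split("|")}
    writable = bool(USER_WRITABLE_RE.search(m["path"]))
    severity, reasons = 0, []
    if m["company"].strip() == "":
        severity += 1
        reasons.append("no company name in version info")
    if writable:
        severity += 2
        reasons.append("runs from a user-writable path")
    if writable and tokens & AUTOSTART:
        severity += 1
        reasons.append("starts automatically")
    if severity == 0:
        return None
    return Finding(severity, m["kind"], m["path"], "; ".join(reasons))


def triage(log_text: str) -> List[Finding]:
    """Return findings, highest severity first, one per file or service."""
    best = {}
    for line in log_text.splitlines():
        f = triage_line(line)
        # The same file can appear as PRC and MOD; keep the first, highest hit.
        if f and (f.target.lower() not in best
                  or f.severity > best[f.target.lower()].severity):
            best[f.target.lower()] = f
    return sorted(best.values(), key=lambda f: (-f.severity, f.target.lower()))


# Constructed sample in the OTL line format; none of these entries are real.
SAMPLE_LOG = r"""
OTL logfile created on: 01.01.2012 12:00:00 - Run 1
========== Processes (SafeList) ==========
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Example AV GmbH) -- C:\Program Files\ExampleAV\guard.exe
PRC - [2009.04.11 07:27:36 | 000,067,584 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\Example\browser.exe
MOD - [2009.04.11 07:27:36 | 000,067,584 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\Example\browser.exe
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\ExampleZip\ShellExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] --  -- (ExampleGoneService)
SRV - [2010.03.06 00:19:17 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Alice\AppData\Roaming\Example\helper.exe -- (ExampleHelper)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Example (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\example.sys -- (example)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity}  {f.kind}  {f.target}  ({f.reason})")
```

A score only orders the entries for manual review; the company name is a string taken from the file itself, so a populated one is not proof that a file is legitimate.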

17.12.2011, 18:09   #7
JamesP

What do you mean, whether I can get access to a burner?

Ah, I see, yes, I misread, sorry; yes, I can ^^

Edited by JamesP (17.12.2011 at 18:14) Reason: understanding

17.12.2011, 18:54   #8
JamesP

But the booting then has to be done on the infected PC, right?

17.12.2011, 19:24   #9
markusg
/// Malware-holic

Of course, from the infected PC.

17.12.2011, 19:33   #10
JamesP

OK hey, I did the booting thing, but I don't think it really worked. I disconnected the Internet connection from the infected PC; this time the "Attention.." message did not appear. What should I do now? I can quickly copy everything over via USB.

17.12.2011, 19:35   #11
markusg
/// Malware-holic

What, what did you do? You're just supposed to burn the CD and then start the PC from it, the infected one obviously, anything else makes no sense; then create the log, copy it to a stick and post it here in the forum.

17.12.2011, 21:45   #12
JamesP

OTL
OTL Logfile:
Code:
OTL logfile created on: 17.12.2011 21:17:26 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Neu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,32% Memory free
6,22 Gb Paging File | 5,01 Gb Available in Paging File | 80,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,69 Gb Total Space | 76,72 Gb Free Space | 16,84% Space Free | Partition Type: NTFS
Drive D: | 10,07 Gb Total Space | 1,38 Gb Free Space | 13,72% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Neu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.17 17:25:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe
PRC - [2011.10.19 21:35:51 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.15 15:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.08.15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 05:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.21 05:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.08.19 07:12:52 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.11.23 12:39:31 | 005,888,696 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe
PRC - [2009.11.23 12:39:31 | 005,608,632 | ---- | M] (Salfeld Computer) -- C:\Windows\System32\cc32\webtmr.exe
PRC - [2009.11.23 12:39:31 | 000,979,632 | ---- | M] (Salfeld Computer) -- C:\Windows\System32\cchservice.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:36 | 000,067,584 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007.04.07 02:56:47 | 000,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jusched.exe
PRC - [2007.02.15 12:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.04.11 07:27:36 | 000,067,584 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (GameConsoleService)
SRV - [2011.12.14 20:40:55 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.29 12:36:13 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.08.19 07:12:52 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.06 00:19:17 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Neu\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.01.12 23:09:00 | 003,395,532 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.23 12:39:31 | 000,979,632 | ---- | M] (Salfeld Computer) [Auto | Running] -- C:\Windows\System32\cchservice.exe -- (Windows-CCHook-Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.08 18:08:21 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.21 05:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.02.22 14:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 14:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 14:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.12.07 16:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.11.17 20:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.01.26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.04.28 16:24:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2005.12.06 16:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2003.04.18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 16:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{B29B86EA-3BA9-49F4-9B5C-44AE0D4D645D}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 CE BA 7E ED C2 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.99999
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 13:17:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.13 13:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.22 21:29:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Neu\AppData\Roaming\5008
 
[2009.10.28 15:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neu\AppData\Roaming\mozilla\Extensions
[2011.12.15 16:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions
[2010.04.27 20:28:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.11 12:16:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.28 20:34:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.13 13:20:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.17 21:13:46 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.06.22 01:10:45 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\toolbar@ask.com
[2010.03.06 00:19:22 | 000,001,054 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\conduit.xml
[2010.10.25 17:54:51 | 000,002,286 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\googlede.xml
[2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-1.xml
[2011.09.01 16:15:12 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-10.xml
[2011.09.09 14:17:41 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-11.xml
[2011.09.27 20:49:09 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-12.xml
[2011.10.01 12:24:31 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-13.xml
[2011.11.13 13:20:57 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-14.xml
[2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-2.xml
[2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-3.xml
[2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-4.xml
[2010.10.25 19:15:35 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-5.xml
[2010.11.16 20:53:32 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-6.xml
[2011.07.05 10:23:37 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-7.xml
[2011.08.02 16:03:02 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-8.xml
[2011.08.17 21:28:01 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin.xml
[2010.10.25 17:54:52 | 000,001,695 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\web-search.xml
[2010.10.25 17:54:52 | 000,002,152 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\{49877FB4-8465-4100-999B-C8559EF12E4E}.xml
[2010.10.25 17:54:52 | 000,001,834 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\{AB9A0B8A-0ACE-4C61-AF60-4F2D682DC47F}.xml
[2010.10.25 17:54:52 | 000,002,041 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\{E41A30D2-E0C3-413D-8535-90FE9795A4EE}.xml
[2011.11.13 13:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.03 19:04:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.15 11:05:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.11.14 16:03:40 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
() (No name found) -- C:\USERS\NEU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I0HEF4DC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.13 13:20:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.10 16:21:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011.09.09 14:17:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.09 14:17:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.05.04 18:56:22 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml
[2010.05.04 18:56:22 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml
[2010.05.04 18:56:22 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2011.09.09 14:17:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.09 14:17:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.05.04 18:56:22 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml
[2010.05.04 18:56:22 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml
[2010.05.04 18:56:22 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml
[2010.05.04 18:56:22 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml
[2010.05.04 18:56:22 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml
[2011.09.09 14:17:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.09 14:17:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2010.05.04 18:56:22 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml
 
O1 HOSTS File: ([2010.07.17 01:20:48 | 000,000,937 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Byteswarm\LiveUpdate\LiveUpdate.exe (AceGain Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Neu\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_16_Plus_Download-Version\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Neu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [firefox.exe] C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [Java developer Script Browse] C:\Users\Public\jusched.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Mpk.exe = C:\Program Files\Crysis\KGB\Mpk.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9387C991-5D8C-40E0-97E4-464102180468}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73713B5-224F-4FCF-AA39-697F40C8AC35}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\ezstor {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-cnote {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Neu\AppData\Roaming\hotfix.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Neu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Neu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.06 10:23:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c7691ba-774a-11dd-afdf-001fc64b8c08}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7691ba-774a-11dd-afdf-001fc64b8c08}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{aac97770-ff7e-11dc-95f2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aac97770-ff7e-11dc-95f2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Nvsetup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk - C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe - (ArcSoft, Inc.)
MsConfig - StartUpFolder: C:^Users^Neu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Screen Capturer.lnk - C:\Program Files\Screen Capturer\ScreenCapturer.exe - (ScreenCapturer.com)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
MsConfig - StartUpReg: ChicoSys - hkey= - key= -  File not found
MsConfig - StartUpReg: EPSON Stylus DX8400 Series - hkey= - key= -  File not found
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: TBPanel - hkey= - key= - C:\Program Files\Vtune\TBPanel.exe ()
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.17 20:46:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe
[2011.12.14 14:48:32 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 14:48:32 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 14:48:30 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 14:48:29 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 14:48:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 14:48:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 14:48:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 14:48:20 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 14:48:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 14:48:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.12.14 14:48:18 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 14:48:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.14 14:48:18 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.14 14:48:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.14 14:48:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 14:48:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.14 14:48:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.14 14:48:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 14:48:17 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.14 14:48:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.14 14:48:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.14 14:48:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.14 14:48:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.14 14:48:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.11.26 13:08:38 | 000,000,000 | ---D | C] -- C:\Users\Neu\AppData\Roaming\.minecraft
[2011.11.25 21:44:35 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\.minecraft
[2011.11.25 19:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.23 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\Neu\AppData\Local\Chromium
[2011.11.22 21:29:31 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2011.11.22 21:29:31 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2011.11.22 21:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\REACTOR
[2011.11.22 21:28:18 | 007,822,632 | ---- | C] (Macrovision Corporation) -- C:\Users\Neu\Desktop\IJJI_REACTOR_INST_EN.exe
[2011.11.22 18:58:55 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\lilli hp
[2011.11.22 18:10:02 | 000,000,000 | ---D | C] -- C:\ijji
[2011.11.22 18:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ijji
[2011.11.21 19:36:00 | 3799,935,896 | ---- | C] (NHN USA Inc) -- C:\Users\Neu\Desktop\U_AVA_Setup.exe
[2011.11.20 20:42:07 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\wichtiger gta shit
[2011.11.20 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\CrossFire_1080
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Neu\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Neu\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Neu\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Neu\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.17 20:41:26 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.17 19:24:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.17 19:24:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.17 19:24:14 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.17 19:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.17 19:24:01 | 3219,525,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.17 17:25:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe
[2011.12.15 16:10:38 | 000,465,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.14 21:35:13 | 000,194,654 | ---- | M] () -- C:\Users\Neu\Desktop\hgh.jpg
[2011.12.12 17:58:50 | 000,889,435 | ---- | M] () -- C:\Users\Neu\Desktop\2011-12-12 18.58.51.jpg
[2011.12.12 17:57:58 | 000,942,137 | ---- | M] () -- C:\Users\Neu\Desktop\2011-12-12 18.57.58.jpg
[2011.12.08 22:12:13 | 000,246,050 | ---- | M] () -- C:\Users\Neu\Desktop\imba8.jpg
[2011.12.08 18:08:21 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.07 22:08:45 | 000,061,973 | ---- | M] () -- C:\Users\Neu\Desktop\375530_264254766957614_178866558829769_679430_1849437699_n.jpg
[2011.12.06 19:35:37 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.06 19:35:24 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.12.06 19:33:55 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.12.04 22:32:03 | 000,643,366 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 22:32:03 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 22:32:03 | 000,131,578 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 22:32:03 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.30 22:48:59 | 000,269,663 | ---- | M] () -- C:\Users\Neu\Desktop\dhmm.jpg
[2011.11.25 21:42:27 | 001,102,574 | ---- | M] () -- C:\Users\Neu\Desktop\mcpatcher-2.2.2.exe
[2011.11.25 19:47:27 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.22 21:31:42 | 000,000,171 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2011.11.22 21:31:40 | 000,001,654 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2011.11.22 21:28:45 | 007,822,632 | ---- | M] (Macrovision Corporation) -- C:\Users\Neu\Desktop\IJJI_REACTOR_INST_EN.exe
[2011.11.22 18:57:53 | 000,000,766 | ---- | M] () -- C:\Users\Neu\Desktop\AVA - Verknüpfung.lnk
[2011.11.22 00:20:42 | 3799,935,896 | ---- | M] (NHN USA Inc) -- C:\Users\Neu\Desktop\U_AVA_Setup.exe
[2011.11.21 23:41:30 | 000,029,972 | ---- | M] () -- C:\Users\Neu\Desktop\kid-cudi-arrested1.jpg
[2011.11.21 23:32:27 | 000,149,600 | ---- | M] () -- C:\Users\Neu\Desktop\377954_282778178430442_100000947860374_799212_340569781_n.jpg
[2011.11.20 20:51:47 | 000,000,895 | ---- | M] () -- C:\Users\Neu\Desktop\CrossFire.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.14 21:35:12 | 000,194,654 | ---- | C] () -- C:\Users\Neu\Desktop\hgh.jpg
[2011.12.12 19:06:44 | 000,889,435 | ---- | C] () -- C:\Users\Neu\Desktop\2011-12-12 18.58.51.jpg
[2011.12.12 19:06:43 | 000,942,137 | ---- | C] () -- C:\Users\Neu\Desktop\2011-12-12 18.57.58.jpg
[2011.12.08 22:12:12 | 000,246,050 | ---- | C] () -- C:\Users\Neu\Desktop\imba8.jpg
[2011.12.07 22:08:44 | 000,061,973 | ---- | C] () -- C:\Users\Neu\Desktop\375530_264254766957614_178866558829769_679430_1849437699_n.jpg
[2011.11.30 22:48:58 | 000,269,663 | ---- | C] () -- C:\Users\Neu\Desktop\dhmm.jpg
[2011.11.25 21:42:21 | 001,102,574 | ---- | C] () -- C:\Users\Neu\Desktop\mcpatcher-2.2.2.exe
[2011.11.25 19:47:27 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.22 21:31:42 | 000,000,171 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2011.11.22 21:31:40 | 000,001,654 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2011.11.22 18:57:53 | 000,000,766 | ---- | C] () -- C:\Users\Neu\Desktop\AVA - Verknüpfung.lnk
[2011.11.21 23:41:29 | 000,029,972 | ---- | C] () -- C:\Users\Neu\Desktop\kid-cudi-arrested1.jpg
[2011.11.21 22:52:53 | 000,149,600 | ---- | C] () -- C:\Users\Neu\Desktop\377954_282778178430442_100000947860374_799212_340569781_n.jpg
[2011.11.20 20:51:47 | 000,000,895 | ---- | C] () -- C:\Users\Neu\Desktop\CrossFire.lnk
[2011.05.29 20:47:28 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.02.08 08:27:46 | 000,138,056 | ---- | C] () -- C:\Users\Neu\AppData\Roaming\PnkBstrK.sys
[2011.02.08 08:27:30 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.11.06 22:44:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\swctl.dll
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.05.27 23:11:38 | 000,002,032 | ---- | C] () -- C:\Users\Neu\AppData\Local\d3d9caps.dat
[2010.05.27 23:11:38 | 000,001,648 | ---- | C] () -- C:\Users\Neu\AppData\Local\d3d8caps.dat
[2010.04.29 20:37:08 | 000,000,000 | ---- | C] () -- C:\Users\Neu\AppData\Local\rx_image.Cache
[2010.04.10 13:08:14 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.03.10 21:54:02 | 000,000,091 | ---- | C] () -- C:\Users\Neu\AppData\Local\fusioncache.dat
[2009.11.23 12:39:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.23 12:39:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.11.23 12:38:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.10.30 10:04:33 | 000,044,645 | ---- | C] () -- C:\Windows\System32\httpuurl.dat
[2009.10.30 10:04:33 | 000,001,548 | ---- | C] () -- C:\Windows\System32\nogoapp.dat
[2009.10.30 10:04:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\ccwt64.dat
[2009.10.28 15:15:17 | 000,024,064 | ---- | C] () -- C:\Users\Neu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.01 05:22:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.12 14:30:30 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.11.28 21:31:46 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.28 21:31:25 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.11.28 21:31:24 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008.11.28 21:31:24 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.08.31 13:08:43 | 008,090,386 | ---- | C] () -- C:\Windows\System32\httpsurl.dat
[2008.08.31 13:08:42 | 000,000,145 | -H-- | C] () -- C:\Windows\System32\CTLSW.INI
[2008.08.31 13:08:37 | 000,000,529 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2008.08.31 11:53:03 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2008.08.27 22:02:20 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008.08.19 13:37:50 | 000,000,555 | ---- | C] () -- C:\Windows\eReg.dat
[2008.07.29 06:30:29 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.07.29 06:30:29 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.07.29 06:27:16 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2008.07.29 06:27:16 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2008.07.28 19:42:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.07.28 19:42:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.07.28 19:42:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.07.28 19:42:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.07.28 19:42:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.07.28 19:42:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.07.28 19:42:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.07.28 19:42:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.07.28 19:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.07.28 19:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.07.28 19:42:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.07.28 19:42:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.07.28 19:42:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.07.28 19:42:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.07.28 19:42:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.07.28 19:42:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.07.28 19:42:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.07.28 19:42:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.07.28 19:42:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.07.28 19:33:51 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008.03.06 17:55:16 | 000,643,366 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.03.06 17:55:16 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.03.06 17:55:16 | 000,131,578 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.03.06 17:55:16 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.03.06 10:14:24 | 000,111,448 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.03.06 09:53:43 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008.03.06 09:51:10 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.03.06 09:51:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.11.14 18:42:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007.11.09 12:01:59 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psyswin32.dll
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Neu\AppData\Local\lame_enc.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,465,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,742 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Neu\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Neu\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Neu\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Neu\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Neu\AppData\Local\no23xwrapper.dll
[2000.02.28 15:26:02 | 000,092,660 | ---- | C] () -- C:\Windows\System32\bass.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.05.20 14:17:12 | 000,280,064 | ---- | C] () -- C:\Windows\System32\CNCS232.DLL
 
========== LOP Check ==========
 
[2011.11.26 13:08:42 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\.minecraft
[2009.12.18 22:12:46 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\EverAd
[2009.11.14 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\FreeFLVConverter
[2011.01.05 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\gtk-2.0
[2011.12.16 14:01:13 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\ICQ
[2011.02.08 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\LolClient
[2011.05.29 20:55:49 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\MAGIX
[2010.01.12 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\McLoad
[2010.08.02 16:32:05 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Need for Speed World
[2010.03.06 00:19:17 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\OCS
[2010.03.06 00:19:22 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Opera
[2011.11.16 14:50:55 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\PhotoScape
[2010.02.16 22:39:55 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Research In Motion
[2010.04.10 13:26:40 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Samsung
[2011.02.05 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Soldat
[2010.03.21 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\TeamViewer
[2010.10.13 20:50:02 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\TS3Client
[2010.12.03 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\UAs
[2009.11.04 16:55:40 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\WinBatch
[2011.01.16 01:14:33 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Winsock-Chat
[2010.12.03 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\xmldm
[2011.12.17 16:10:18 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.10.18 21:06:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.12.13 20:31:43 | 000,000,000 | ---D | M] -- C:\735e1701f0a0219f68334ddc
[2010.04.29 20:28:27 | 000,000,000 | ---D | M] -- C:\AV_LOGS
[2010.01.29 13:18:47 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.11.24 22:15:34 | 000,000,000 | ---D | M] -- C:\CFLog
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.07.28 18:47:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.08.29 21:04:52 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2011.01.21 13:39:17 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.05.23 11:54:11 | 000,000,000 | ---D | M] -- C:\gamigo
[2009.11.18 17:28:23 | 000,000,000 | -H-D | M] -- C:\hp
[2011.11.22 18:10:02 | 000,000,000 | ---D | M] -- C:\ijji
[2008.10.23 18:52:12 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.03.09 23:22:21 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.11.03 17:15:27 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.22 21:29:30 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.15 21:07:21 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.07.28 18:47:50 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.14 22:20:32 | 000,000,000 | ---D | M] -- C:\rads
[2011.12.17 21:03:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.26 12:26:10 | 000,000,000 | ---D | M] -- C:\Temp
[2009.11.04 18:04:08 | 000,000,000 | ---D | M] -- C:\The Games Page
[2011.08.24 18:23:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.16 14:50:55 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2007.01.18 21:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\Neu\AppData\Local\No23 Recorder.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.06 18:30:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4db4e301\atapi.sys
[2008.03.06 18:30:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20693_none_db7d35eb3dc727cc\atapi.sys
[2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys
[2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.03.06 10:03:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.03.06 10:03:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\hp\drivers\nvidia_storage\nvstor32.sys
[2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\drivers\nvstor32.sys
[2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_0ccbf6f4\nvstor32.sys
[2007.12.07 16:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=689A2160B851F8BF88F20728FD2F30BD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_d22c7930\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.03.06 18:04:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2008.03.06 18:04:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.01.07 12:05:50 | 000,005,389 | ---- | M] () -- C:\Users\Neu\.recently-used.xbel
[2009.10.28 15:24:08 | 000,000,377 | ---- | M] () -- C:\Users\Neu\Jonas.lnk
[2011.12.17 21:39:33 | 003,670,016 | -HS- | M] () -- C:\Users\Neu\ntuser.dat
[2011.12.17 21:39:33 | 000,262,144 | -H-- | M] () -- C:\Users\Neu\ntuser.dat.LOG1
[2009.10.28 15:00:29 | 000,000,000 | -H-- | M] () -- C:\Users\Neu\ntuser.dat.LOG2
[2011.12.17 16:10:17 | 000,065,536 | -HS- | M] () -- C:\Users\Neu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.12.17 16:10:17 | 000,524,288 | -HS- | M] () -- C:\Users\Neu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.10.28 22:39:31 | 000,524,288 | -HS- | M] () -- C:\Users\Neu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.10.28 15:00:29 | 000,000,020 | -HS- | M] () -- C:\Users\Neu\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Neu\Desktop\2011-05-29 - 02.mpg:TOC.WMV
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D06A4C76

< End of report >
         
--- --- ---

17.12.2011, 21:47   #13
JamesP
 



EXTRAS
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.12.2011 21:17:26 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Neu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,32% Memory free
6,22 Gb Paging File | 5,01 Gb Available in Paging File | 80,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,69 Gb Total Space | 76,72 Gb Free Space | 16,84% Space Free | Partition Type: NTFS
Drive D: | 10,07 Gb Total Space | 1,38 Gb Free Space | 13,72% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Neu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD8FE75-105D-4186-A97A-BB7EE53D39AB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{157CE713-F56B-40F5-9968-EC194ED07A7A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{33413EB1-8562-4C4D-8C2E-B44894D941DD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4BCF574E-3CBE-45FB-9629-9456A5355A8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{60F2DC52-2127-4C96-9699-599FC1A1D3FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D35FA5E-4AEF-4EEE-AAA9-7E6F15FCBA9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A8C6B90-6EC6-44FA-AC4B-E89631D37684}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BB5EB706-7320-4000-B47E-559160B53D8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E2957BB6-CD00-4367-933A-8C6858C481F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1D0F820-E5D2-4306-A547-4D0743619A1E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F620CBD3-6745-412A-B9C9-9B26D32E2484}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0041945B-BA87-4EE2-9BA0-4CBFF03CF9BF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{0645BB43-CD81-4B69-959D-4E40383F1F18}" = protocol=6 | dir=in | app=c:\users\jonas\desktop\bf2.exe | 
"{09483105-75B8-4BC0-976D-9619971A13DF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{09D2E352-9A45-4C09-9499-D52594B4FCCC}" = protocol=6 | dir=in | app=c:\program files\i-buddy manager\i-buddymanager.exe | 
"{0BA4942D-A329-4419-A710-CF69AF3087CD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{144076F8-27DE-4D1B-BF79-E9CB549D7E9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1CB15FA8-CD09-43D2-8BFF-A2A0734C80D2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{1CB30A6F-B44D-4CCA-A1FA-02877D913498}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{238F807A-2F01-4A3B-B81B-3CDD23B0D99E}" = protocol=17 | dir=in | app=c:\program files\i-buddy manager\i-buddymanager.exe | 
"{2887A703-3E96-4C53-BC4F-5C945CA7FAB8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{29967F15-E18C-4639-B321-BC71A7B80236}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{2F36F780-AEB1-49F0-8C81-E9885ACD2A89}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{34057510-0C0A-4479-A2C8-B41EFB161164}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{36D618E0-A43D-44D9-9F6C-51ADE3A81BCE}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{3D543911-BE09-4F0D-A4A8-C71EA936437B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{438BD11A-A14F-48CC-B2E4-29D0E3DEB60D}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{48E96D45-68C7-4AB3-9EF0-5B741D470704}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{4DBDE3D3-FEA3-4D6B-8DD7-1567E6A7C15B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{4DD1CD7E-C2CE-463A-B844-FB11C69A6CFC}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{52A00628-97FA-4970-94F3-D89946312596}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{54475131-D65E-4D26-9B09-C117E6A2BDC4}" = protocol=6 | dir=in | app=c:\users\neu\appdata\local\akamai\netsession_win.exe | 
"{6080CF54-BC34-4C00-8399-DC9944EAE22A}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{661C2C2F-ADB1-4C30-828C-D4B989599D26}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | 
"{66AB7BAD-4EC4-4488-978E-F6E15082E271}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{695C2F3B-CED8-43EC-B981-0E8089C302BF}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{6987830B-2325-4467-81D9-C9E183FBD9BD}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{6BF1EC7D-9A06-466B-81B4-4BB460BB08F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{6C3BEFD8-05CE-41C4-BBCE-D856D75F2CC0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6CEA65DB-A6F7-4048-A287-2EAA0A384322}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{7494D9DF-8A41-4F28-8830-B7A43C49FEE0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7615B6DE-4B51-4DC7-9F61-AAB9A8C3652B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8B434783-2C48-4D25-B838-FA63C5AD96E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{95169441-6FE0-4054-9BD1-3BC1D110E0BC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{95FC1969-427E-4968-AF6D-195E39F9AE22}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{996FA132-F120-47A0-A6E1-B5DDCC940940}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe | 
"{9D3F746D-9D6E-4F4A-B0E3-99B499402F2D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9FB2F48E-F5AD-4786-8E68-76736EEDBEA3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A09721A9-AAE3-4821-80A0-C1856A86FCC5}" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe | 
"{A661E410-201F-4232-AEE1-2A910B2A2E2D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{AA2D2210-FBE1-44C5-85D7-1DA00BDB9871}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{AF436557-654F-4DB3-9901-4F1D8A64800E}" = protocol=17 | dir=in | app=c:\users\neu\appdata\local\akamai\netsession_win.exe | 
"{BAF1C590-0BFF-43AB-97DE-24288AC63E32}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{BC50B70D-273D-45F7-A5B7-2A5F9FF22613}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{BCE66393-9326-4CDF-B9D3-C2578BCA32DA}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe | 
"{BDECB72C-4062-46EC-96A3-CDC44371F77B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142 deluxe edition\bf2142.exe | 
"{BF2A61E0-AA98-4A11-8C9C-982793C5A4A2}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{D1615FA5-C02C-4044-903A-3D9E58EECB61}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{D3A8EAB6-E24F-4448-AFAF-FD0FE93A8A7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D49AB8B6-6DB8-4CCE-9BC9-CC4D2EAC5CCF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{D80082AA-D3FC-4C5E-B0C8-D96B7C364444}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E0072442-4D5E-47BB-AFB7-C57AABBA17A3}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe | 
"{E198455C-2BE0-4D19-B703-359CCC7A5A24}" = protocol=17 | dir=in | app=c:\users\jonas\desktop\bf2.exe | 
"{E42498B2-F183-411C-B7E4-3A4DEE3FFFE7}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{E96CFAA2-187D-4AB5-A612-190B0ED71182}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EA51856D-62C1-435F-9242-E729C1A48346}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{EAC8B09B-46B0-4240-BD27-3881410D8FC2}" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe | 
"{EBAFCDFC-A7BE-4C0A-87EC-B83B4B6F8388}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{EBD60429-BEF8-42F8-A8A6-7209A1965BF3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{EC74283F-7014-4BDA-B695-6098950B2B6B}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142 deluxe edition\bf2142.exe | 
"{F75736B2-C565-4315-A752-8C4F43692438}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe | 
"{F76A4268-0BF6-4504-9897-2B36008B615E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{F7C8779E-56D8-4D4B-9DE9-7DB36642CC6F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{F8989487-8E76-42CC-9CAF-EBB1A9637B8D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{F9D364EC-2066-477A-86B8-41A38442C6D3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FE1A33D6-3089-4E64-BB42-34213DF3C42E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"TCP Query User{037606DC-5650-4F73-ADF1-394A6A8A7C71}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | 
"TCP Query User{0B017C49-8318-4E6A-8483-4B01D10115C8}C:\program files\novalogic\joint operations typhoon rising\jointops.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\jointops.exe | 
"TCP Query User{1AB1860E-1F4D-4731-86ED-1D7B3AE12611}F:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe" = protocol=6 | dir=in | app=f:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe | 
"TCP Query User{2D085435-37F9-4A31-B265-381E441D3109}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{32F2FA77-36C5-4998-A6AD-FD19BA6BB0C5}C:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe | 
"TCP Query User{466660D9-179C-4A4F-9DCF-5F9A4E42B463}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | 
"TCP Query User{46D70E1C-9CCF-49EE-99E4-D2A5FA12843A}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
"TCP Query User{509D2C25-E9C6-43CC-82E4-3DCB124192B4}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"TCP Query User{50B3F2B2-591D-4D04-922F-668431E646B9}C:\program files\crysis\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files\crysis\bin32\crysis.exe | 
"TCP Query User{589025F1-5E5E-473C-A9B7-E9A197FA83FF}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"TCP Query User{5B47C67E-F203-4557-B80C-EF08A1F7426D}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe | 
"TCP Query User{5EBC75B5-15EA-430E-A538-034EAB471D1A}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"TCP Query User{619FB7A0-E196-4624-832E-166B2A89A4ED}C:\program files\z8games\crossfire\cf_g4box.exe" = protocol=6 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe | 
"TCP Query User{658DAA1C-C27E-4AC1-8817-27ACE2C1A884}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{7531CC57-B37B-408C-8E33-E8BB98D005FB}C:\program files\ea games\bfvietnam_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\bfvietnam_w32ded.exe | 
"TCP Query User{8BF401A2-ED19-438C-A88D-EA3CEEB957F1}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=6 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe | 
"TCP Query User{92CB3F9C-22CE-4A3F-9717-E62E73FD82BA}C:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe | 
"TCP Query User{9CED6B91-E294-4E4A-B806-91EC3CAFED3F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A2C83B2C-2D07-4D7F-AD45-D0766D762B5D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{A5696E75-8F49-4AD1-8C4D-9383888938BC}C:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe | 
"TCP Query User{A7A5CDC6-6A68-4918-BF6A-EA1ED6C5733A}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"TCP Query User{AF9EC5A6-60E4-4E11-BA60-F7B7ABAD12B9}C:\program files\activision\call of duty - world at war\codwaw2.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw2.exe | 
"TCP Query User{BD3C6203-EE1E-45F2-86B2-9ED509DC20FF}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
"TCP Query User{BDA1A443-C931-42D6-914D-84CF1A367354}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"TCP Query User{C10B7475-7BB2-49D4-82F1-2ADFCCFD4B57}C:\users\neu\desktop\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\league of legends\lol.launcher.exe | 
"TCP Query User{C4A34D53-1470-4CF3-94B8-6EAA6A6895A0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{C6EA65AB-1AD3-4C47-8ACD-06B9DAD82947}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe | 
"TCP Query User{C72DFECA-FB34-414F-874A-649193864C75}C:\program files\ea games\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\bfvietnam.exe | 
"TCP Query User{D7244BEC-3513-456F-8E66-FCA5300A922C}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe | 
"TCP Query User{D9D9C9C2-8898-4E97-B3A9-A2B50EA4091B}C:\program files\novalogic\joint operations typhoon rising\update.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\update.exe | 
"TCP Query User{DDDB31F7-95EF-408B-9982-D3CB9AE8F535}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{DFD0AA41-88CB-4B46-9C09-C0C910B0FFB4}F:\l4d2\left4dead2.heiising" = protocol=6 | dir=in | app=f:\l4d2\left4dead2.heiising | 
"TCP Query User{E2D20D4D-7CBA-4344-BD6D-43A281604AD9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E2D4B108-E1AD-438E-A4D0-F56FC306A586}C:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe | 
"TCP Query User{E6636CAB-42B3-4BC4-B3FC-0A0BEAA9ACFB}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"TCP Query User{ED677A53-D535-4310-8645-38A9AE729FA3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F38B093B-0FBD-421A-82AF-0954838B8FDC}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
"TCP Query User{F9C8D732-D2F1-4B5E-9660-EA5AB9951BBB}C:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe | 
"TCP Query User{FA4E5968-690C-4F93-8D40-680D9ED6AE7B}C:\program files\counter-strike source\srcds.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\srcds.exe | 
"UDP Query User{0D2D13FC-773A-445C-ADDC-DF6876AB63A0}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{1243FF20-BA23-4E9D-B6EA-CECDC1CE7B33}C:\program files\ea games\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\bfvietnam.exe | 
"UDP Query User{174C1F81-5A23-4CB9-8D5A-F0BE59BCF854}C:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe | 
"UDP Query User{2158D587-4AC1-426A-B43B-0FAECEF64E86}F:\l4d2\left4dead2.heiising" = protocol=17 | dir=in | app=f:\l4d2\left4dead2.heiising | 
"UDP Query User{33934978-2389-4299-BA48-5B272CE01504}C:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe | 
"UDP Query User{346730F1-0A9A-4B72-883D-FA2ACE32F1FA}C:\program files\z8games\crossfire\cf_g4box.exe" = protocol=17 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe | 
"UDP Query User{39A5A25D-EA3D-4C71-8634-F93B5319C05D}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe | 
"UDP Query User{40DC8937-CDFF-4D1E-86D5-5B098F4DDE79}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe | 
"UDP Query User{43E55E52-E297-4415-81C9-A9F64C9A2CB1}C:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe | 
"UDP Query User{4A3155AB-F49F-4138-BEAE-5C04B56F69F5}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{4B0CD05A-B921-49B2-8FCF-9F1DAD5774C3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{4DC3FAB8-2EFB-48BF-9A35-F86FE21AB1D2}F:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe" = protocol=17 | dir=in | app=f:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe | 
"UDP Query User{58FB4247-F709-4735-ACE7-FC72731B3969}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"UDP Query User{59F5A2C7-7964-44D5-B628-1518902B9387}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"UDP Query User{5B015E4B-DAA8-471D-9908-16489AE7880E}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe | 
"UDP Query User{61088C7E-F725-430A-9D65-30983E1F841C}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe | 
"UDP Query User{6381CB07-6565-4354-B17B-E4969E24495C}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe | 
"UDP Query User{652C7C88-8910-48D1-8888-330E3B4AA818}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe | 
"UDP Query User{6BA58D73-FB5F-429A-94C6-7090725465A8}C:\program files\novalogic\joint operations typhoon rising\jointops.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\jointops.exe | 
"UDP Query User{6E3CE62C-2200-4554-9DE8-612274DA4519}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{6E45EEEB-16E1-422D-BC14-30C4514B25A2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{77FE412E-A7EF-4D4A-82EB-0D1505753DB1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{7950F971-CBF8-4793-9DF3-4B96E32C9044}C:\users\neu\desktop\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\league of legends\lol.launcher.exe | 
"UDP Query User{7E6B20CD-9462-4F9F-B365-C599416E79E9}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{8A2B2015-414F-4A8D-A39A-42ECD80A7955}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe | 
"UDP Query User{9D9825C4-359B-4F73-87C4-1BA8518DACCB}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe | 
"UDP Query User{A210228E-537B-4C66-A003-3EDB66FC7E5C}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
"UDP Query User{ADF5B0CB-FDE9-42FC-BC43-32A3695162CD}C:\program files\activision\call of duty - world at war\codwaw2.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw2.exe | 
"UDP Query User{B2AFCF8C-344C-438C-9947-20F2EDFC6A5C}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | 
"UDP Query User{BE13A9D1-5BB7-4EFD-A56B-160BBEB29D3A}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe | 
"UDP Query User{C5E723D1-FA5B-4048-B99D-CBACFCA8A8BB}C:\program files\novalogic\joint operations typhoon rising\update.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\update.exe | 
"UDP Query User{C6B2BB73-0CA2-4620-9ECC-2D2B21F9FDA9}C:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe | 
"UDP Query User{C99F0E44-0A34-4388-824A-5C77C88E08F0}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{D9BAEF4F-412B-4F6A-9044-B0841A827B1F}C:\program files\ea games\bfvietnam_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\bfvietnam_w32ded.exe | 
"UDP Query User{E6FA790E-2CF9-4036-88A2-1D1E96EF661A}C:\program files\counter-strike source\srcds.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\srcds.exe | 
"UDP Query User{ED876495-55DA-4112-9A4A-1ECF90053814}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe | 
"UDP Query User{F202887C-A45A-4CF0-96AB-49802FC2B42E}C:\program files\crysis\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files\crysis\bin32\crysis.exe | 
"UDP Query User{F4D0EDEB-CC00-4EA9-A318-B14371A541E4}C:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe | 
"UDP Query User{FE53FD56-43E4-4FBD-9197-24722218EB00}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=17 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1104E2E0-9378-455d-9E0E-6235A4E52DB0}_is1" = ArchLord
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{441C8911-CEC0-19E6-6CAC-694553E06A28}" = myphotobook.de
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{93712806-272D-485E-8D8E-C08E861CF3E0}" = A.V.A
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cross Fire_is1" = Cross Fire En
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"EA Download Manager" = EA Download Manager
"Fraps" = Fraps (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Plus Download-Version D" = MAGIX Video deluxe 16 Plus Download-Version 9.0.0.55 (D)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MySSID_is1" = Vtune 7.13
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Steam App 620" = Portal 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Akamai" = Akamai NetSession Interface
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.12.2011 16:24:39 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16583
 
Error - 03.12.2011 16:24:39 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16583
 
Error - 05.12.2011 13:08:11 | Computer Name = Jonas-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x71d4610a]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 07.12.2011 09:21:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel
 0x47918de2, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x5782400e,  Prozess-ID 0x84c, 
Anwendungsstartzeit 01ccb4e306aab9a5.
 
Error - 07.12.2011 09:30:03 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel
 0x47918de2, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x57824002,  Prozess-ID 0x84c, 
Anwendungsstartzeit 01ccb4e306aab9a5.
 
Error - 11.12.2011 12:40:11 | Computer Name = Jonas-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x725c614a]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 17.12.2011 10:49:20 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01b94, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x5782400e,  Prozess-ID 0x784, 
Anwendungsstartzeit 01ccbccb0c88442c.
 
Error - 17.12.2011 11:05:59 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel
 0x47918de2, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x57824002,  Prozess-ID 0x878, 
Anwendungsstartzeit 01ccbccd380ac67c.
 
Error - 17.12.2011 11:07:26 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00047336,  Prozess-ID 0x6a4, Anwendungsstartzeit
 01ccbccd33c62f5c.
 
Error - 17.12.2011 11:27:41 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00047336,  Prozess-ID 0x5e4, Anwendungsstartzeit
 01ccbcd04b74b784.
 
[ System Events ]
Error - 17.12.2011 12:48:34 | Computer Name = Jonas-PC | Source = sfsync03 | ID = 262145
Description = 
 
Error - 17.12.2011 12:48:38 | Computer Name = Jonas-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 17.12.2011 12:49:18 | Computer Name = Jonas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.12.2011 um 17:47:16 unerwartet heruntergefahren.
 
Error - 17.12.2011 12:50:33 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.12.2011 12:50:33 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 17.12.2011 14:23:49 | Computer Name = Jonas-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 17.12.2011 14:24:08 | Computer Name = Jonas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.12.2011 um 17:59:18 unerwartet heruntergefahren.
 
Error - 17.12.2011 14:25:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.12.2011 14:25:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 17.12.2011 14:25:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 17.12.2011, 21:53   #14
JamesP
 

Oh, and one question: is it normal that this trojan has no effect when the internet is off? Because on my machine it couldn't do anything just now, as I already said above.

Alt 18.12.2011, 16:40   #15
markusg
/// Malware-holic
 

Hi,

Attention!

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - HKCU..\Run: [firefox.exe] C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         



• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a reboot. Please allow it.
• After the reboot you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.
Open Computer, open C:, then _OTL
Right-click on "moved files" there
Choose "Add to moved files.rar" (or zip).
Follow the link and upload the archive in the upload channel:
http://www.trojaner-board.de/54791-a...ner-board.html