Log Analysis and Evaluation: "Achtung: Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt." ("Attention: For security reasons your Windows system has been locked.")

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

09.02.2012, 16:57   #1
JimBob21

Hello dear helpers!

The apparently well-known virus has now hit me too. So I probably don't need to write anything more about the "symptoms".

I ran OTL in safe mode with networking. Here are the results from the two documents. A big thank you in advance!!

OTL.txt:

PHP-Code:
OTL logfile created on09.02.2012 15:58:59 Run 1
OTL by OldTimer Version 3.2.31.0     Folder C:\Users\Michi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version 6.0.6002) - Type NTWorkstation
Internet Explorer (Version 9.0.8112.16421)
Locale00000407 CountryDeutschland LanguageDEU Date Formatdd.MM.yyyy
 
3,00 Gb Total Physical Memory 2,53 Gb Available Physical Memory 84,26Memory free
6,19 Gb Paging File 5,92 Gb Available in Paging File 95,56Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space 12,44 Gb Free Space 11,17Space Free Partition TypeNTFS
Drive D: | 105,90 Gb Total Space 17,85 Gb Free Space 16,86Space Free Partition TypeNTFS
Drive E: | 486,17 Mb Total Space 311,50 Mb Free Space 64,07Space Free Partition TypeFAT
 
Computer Name MICHI-PC User NameMichi Logged in as Administrator.
Boot ModeSafeMode with Networking Scan ModeCurrent user Quick Scan
Company Name Whitelist On Skip Microsoft FilesOn No Company Name WhitelistOn File Age 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2011.10.16 14:22:40 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2011.08.30 22:25:44 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2007.09.20 17:34:58 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2011.07.01 09:28:48 000,269,480 | ---- | M] (Avira GmbH) [Auto Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 15:46:14 000,136,360 | ---- | M] (Avira GmbH) [Auto Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.25 01:32:16 000,009,216 | ---- | M] (Vodafone) [Auto Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.07.26 06:43:14 000,025,832 | ---- | M] (BioWare) [On_Demand Stopped] -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008.06.06 00:50:43 003,488,768 | ---- | M] () [Auto Stopped] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.04.27 21:26:44 000,599,344 | ---- | M] (Validity SensorsInc.) [Auto Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.03.21 12:22:52 000,024,576 | ---- | M] () [Auto Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.04 23:38:34 000,500,784 | ---- | M] (Egis Incorporated) [Auto Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 03:23:32 000,272,952 | ---- | M] (Microsoft Corporation) [Auto Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 17:35:02 000,081,504 | ---- | M] () [Auto Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 16:03:00 000,233,472 | ---- | M] (Acer Incorporated) [Auto Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.11 04:15:04 000,012,800 | ---- | M] (Agere Systems) [Auto Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 16:15:28 000,110,592 | ---- | M] () [Auto Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.11.06 21:22:26 000,092,792 | ---- | M] (CACE Technologies) [On_Demand Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapdRemote Packet Capture Protocol v.0 (experimental)
SRV - [2007.10.03 13:45:02 000,358,936 | ---- | M] (Intel Corporation) [Auto Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMONIntel(R)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011.07.01 09:28:49 000,138,192 | ---- | M] (Avira GmbH) [Kernel System Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 09:28:49 000,066,616 | ---- | M] (Avira GmbH) [File_System Auto Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.02.08 15:36:07 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel Auto Stopped] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2011.02.08 13:44:14 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel System Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009.08.18 12:06:44 000,114,688 | ---- | M] (ZTE Corporation) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 12:06:44 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 12:06:44 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 12:06:44 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 12:06:44 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.08.18 12:06:44 000,009,216 R--- | M] (ZTE Incorporated) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.21 16:01:05 000,281,760 | ---- | M] () [Kernel Auto Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.21 16:01:05 000,025,888 | ---- | M] () [Kernel Auto Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:49 000,028,520 | ---- | M] (Avira GmbH) [Kernel System Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 000,011,608 | ---- | M] (Avira GmbH) [Kernel System Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.17 22:03:01 000,025,280 | ---- | M] (LogMeInInc.) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.07.14 16:13:05 000,717,296 | ---- | M] () [Kernel Boot Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.06.06 00:50:38 000,043,184 | ---- | M] (Alfa Corporation) [File_System Boot Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.05.08 18:01:44 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.02 16:27:48 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel Auto Stopped] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.27 21:27:10 000,040,752 | ---- | M] (Validity SensorsInc.) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.04.11 10:55:04 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.21 09:48:24 000,015,392 | ---- | M] (AcerInc.) [Kernel Auto Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.03.11 12:38:00 000,048,128 | ---- | M] (Atheros CommunicationsInc.) [Kernel On_Demand Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.02.29 08:13:38 001,202,560 | ---- | M] (Agere Systems) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 17:35:08 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel Auto Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2008.01.08 20:10:32 002,554,368 | ---- | M] (Intel Corporation) [Kernel On_Demand Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32Intel(R)
DRV - [2007.12.18 17:12:12 000,054,784 | ---- | M] (ITE TechInc. ) [Kernel On_Demand Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.11.06 21:22:06 000,034,064 | ---- | M] (CACE Technologies) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2006.11.02 14:27:34 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel System Stopped] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.09.28 11:47:48 000,283,776 | ---- | M] (AfaTech                  ) [Kernel On_Demand Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL hxxp://de.intl.acer.yahoo.com
IE HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page hxxp://de.intl.acer.yahoo.com
 
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL hxxp://global.acer.com [binary data]
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages hxxp://global.acer.com [binary data]
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page about:blank
IE HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache 1
IE HKCU\..\URLSearchHook:  - No CLSID value found
IE HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"ProxyEnable" 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF prefs.js..browser.search.defaultenginename"ixquick"
FF prefs.js..browser.search.suggest.enabledfalse
FF prefs.js..browser.search.useDBForOrdertrue
FF prefs.js..browser.startup.homepage"hxxp://ixquick.com"
FF prefs.js..extensions.enabledItemsmoveplayer@movenetworks.com:1.0.0.071302000004
FF prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF prefs.js..extensions.enabledItemsinfo@youtube-mp3.org:1.0.2
FF prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
 
FF HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayerC:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivXInc)
FF HKLM\Software\MozillaPlugins\@java.com/JavaPluginC:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun MicrosystemsInc.)
FF HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPluginC:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworksInc.)
FF HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworksInc.)
FF HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPluginC:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\ComponentsC:\Program Files\Mozilla Firefox\components [2012.02.03 23:10:05 000,000,000 | ---M]
FF HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\PluginsC:\Program Files\Mozilla Firefox\plugins [2011.09.16 10:51:51 000,000,000 | ---M]
 
[2008.07.09 20:29:44 000,000,000 | ---M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions
[2011.12.10 17:21:08 000,000,000 | ---M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\abcy3n4i.default\extensions
[2010.06.29 16:03:49 000,000,000 | ---M] (Microsoft .NET Framework Assistant) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\abcy3n4i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.11 18:30:21 000,000,000 | ---M] (Move Media Player) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\abcy3n4i.default\extensions\moveplayer@movenetworks.com
[2011.12.04 09:26:55 000,000,000 | ---M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.16 15:12:53 000,000,000 | ---M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCY3N4I.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
() (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCY3N4I.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI
[2012.02.03 23:10:04 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 000,476,904 | ---- | M] (Sun MicrosystemsInc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 000,063,488 | ---- | M] (NullsoftInc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.03 23:09:59 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 23:09:59 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.03 23:09:59 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 23:09:59 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 23:09:59 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 23:09:59 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 Hosts: ::1             localhost
O2 BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 HKLM..\Run: [avgntC:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 HKLM..\Run: [eAudioC:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 HKLM..\Run: [eDataSecurity LoaderC:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 HKLM..\Run: [eRecoveryService]  File not found
O4 HKLM..\Run: [IAAnotifC:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 HKLM..\Run: [LManagerC:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 HKLM..\Run: [PLFSetIC:\Windows\PLFSetI.exe ()
O4 HKLM..\Run: [RtHDVCplC:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 HKLM..\Run: [StartCCCC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro DevicesInc.)
O4 HKLM..\Run: [WarReg_PopUpC:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 HKLM..\Run: [Windows DefenderC:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 HKLM..\Run: [ZPdtWzdVitaKey MC3000C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 HKCU..\Run: [ffdwndC:\Users\Michi\AppData\Local\Mozilla\Firefox\firefox.exe (3M Touch SystemsInc.)
O4 HKCU..\Run: [Pando Media BoosterC:\Programme\Pando Networks\Media Booster\PMB.exe ()
O8 Extra context menu item: &Download by Orbit C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 Extra context menu item: &Grab video by Orbit C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 Extra context menu itemBild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 Extra context menu item: Do&wnload selected by Orbit C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 Extra context menu itemDown&load all by Orbit C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 Extra context menu itemNach Microsoft E&xel exportieren C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 Extra context menu itemSeite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 Extra ButtonQuick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 Extra 'Tools' menuitem Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 Extra ButtonAn OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 Extra 'Tools' menuitem An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 Extra ButtonICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQLLC.)
O9 Extra 'Tools' menuitem ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQLLC.)
O9 Extra ButtonSkype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 Extra 'Tools' menuitem Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 Extra ButtonResearch - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 gopher Prefixmissing
O16 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBAhxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBAhxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBAhxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 HKLM\System\CCS\Services\Tcpip\ParametersDhcpNameServer 192.168.2.1
O17 HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66165F62-E6BB-4001-BF06-4889D5E6DED5}: DhcpNameServer 139.7.30.125 139.7.30.126
O17 HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD7856F4-D82E-4C02-8D42-4352438CF09B}: DhcpNameServer 192.168.2.1
O18 Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 HKLM WinlogonShell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 HKLM WinlogonUserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 Winlogon\Notify\AWinNotifyVitaKey MC3000DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 Desktop WallPaperC:\Users\Michi\Pictures\Wallpaper\Donavon 1 1280x1024.jpg
O24 Desktop BackupWallPaperC:\Users\Michi\Pictures\Wallpaper\Donavon 1 1280x1024.jpg
O32 HKLM CDRomAutoRun 1
O32 AutoRun File - [2006.09.18 22:43:36 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 MountPoints2\{05338666-3363-11e0-ada5-00a0d1a71c70}\Shell "" AutoRun
O33 MountPoints2\{05338666-3363-11e0-ada5-00a0d1a71c70}\Shell\AutoRun\command "" G:\AUTORUN.EXE
O33 MountPoints2\{1339903c-65a4-11dd-bbfc-00a0d1a71c70}\Shell "" AutoRun
O33 MountPoints2\{1339903c-65a4-11dd-bbfc-00a0d1a71c70}\Shell\AutoRun\command "" H:\LaunchU3.exe -a
O33 MountPoints2\{768c61f8-2019-11de-ad13-00a0d1a71c70}\Shell\AutoRun\command "" G:\ScopeViewer.exe
O33 MountPoints2\{83c4db34-51b7-11dd-8ecc-00a0d1a71c70}\Shell "" AutoRun
O33 MountPoints2\{83c4db34-51b7-11dd-8ecc-00a0d1a71c70}\Shell\AutoRun\command "" E:\autorun.exe -auto
O33 MountPoints2\{8cf06e1b-7255-11e0-bc52-00a0c6000000}\Shell "" AutoRun
O33 MountPoints2\{8cf06e1b-7255-11e0-bc52-00a0c6000000}\Shell\AutoRun\command "" E:\setup_vmc_lite.exe /checkApplicationPresence
O33 MountPoints2\{caf341d8-c3ce-11de-a7be-00a0d1a71c70}\Shell "" AutoRun
O33 MountPoints2\{caf341d8-c3ce-11de-a7be-00a0d1a71c70}\Shell\AutoRun\command "" G:\LaunchU3.exe -a
O33 MountPoints2\{e6192026-655e-11dd-b9c7-001de0c47b99}\Shell "" AutoRun
O33 MountPoints2\{e6192026-655e-11dd-b9c7-001de0c47b99}\Shell\AutoRun\command "" H:\LaunchU3.exe
O34 HKLM BootExecute: (autocheck autochk *)
O35 HKLM\..comfile [open] -- "%1" %*
O35 HKLM\..exefile [open] -- "%1" %*
O37 HKLM\...com [@ = comfile] -- "%1" %*
O37 HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe ///i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe ///i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs FastUserSwitchingCompatibility -  File not found
NetSvcs Ias C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcsNla -  File not found
NetSvcs Ntmssvc -  File not found
NetSvcs NWCWorkstation -  File not found
NetSvcs Nwsapagent -  File not found
NetSvcs SRService -  File not found
NetSvcs WmdmPmSp -  File not found
NetSvcs LogonHours -  File not found
NetSvcs PCAudit -  File not found
NetSvcs helpsvc -  File not found
NetSvcs uploadmgr -  File not found
 
MsConfig StartUpFolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk C:\Programme\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig StartUpFolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk -  - File not found
MsConfig StartUpFolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig StartUpFolderC:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk -  - File not found
MsConfig StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig StartUpReg: [b]ArcadeDeluxeAgent[/b] - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig StartUpReg: [b]CLMLServer[/b] - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig StartUpReg: [b]DAEMON Tools Lite[/b] - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig StartUpReg: [b]ePower_DMC[/b] - hkey= - key= - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
MsConfig StartUpReg: [b]MobileConnect[/b] - hkey= - key= -  File not found
MsConfig StartUpReg: [b]Orb[/b] - hkey= - key= -  File not found
MsConfig StartUpReg: [b]PlayMovie[/b] - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun MicrosystemsInc.)
MsConfig StartUpReg: [b]WinampAgent[/b] - hkey= - key= - C:\Program Files\Winamp\winampa.exe (NullsoftInc.)
MsConfig State"startup" 2
 
CREATERESTOREPOINT
Error creating restore point.
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.02.09 15:36:38 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2012.02.05 18:40:58 000,000,000 | ---C] -- C:\Users\Michi\Desktop\Bilder
[3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michi\AppData\Roaming\*.tmp files -> C:\Users\Michi\AppData\Roaming\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.02.09 15:52:43 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 15:52:43 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 15:52:43 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.09 15:52:43 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.09 15:50:44 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.09 15:49:30 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.09 15:48:59 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.02.09 15:48:45 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 15:48:45 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michi\AppData\Roaming\*.tmp files -> C:\Users\Michi\AppData\Roaming\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2011.12.10 14:26:33 000,000,036 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\blckdom.res
[2011.10.14 00:32:19 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.01.18 19:09:03 000,000,058 | ---- | C] () -- C:\Users\Michi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.03.15 19:15:34 000,156,430 R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010.02.07 14:57:11 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2009.09.24 10:25:43 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 10:25:43 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.21 16:01:05 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.21 16:01:05 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.04.08 16:46:18 000,000,202 | ---- | C] () -- C:\Windows\System32\IC32.INI
[2009.01.22 21:15:11 000,001,910 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2008.12.23 17:37:49 000,000,771 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\coreavc.ini
[2008.10.07 09:13:30 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.16 01:14:24 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 01:11:10 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.30 18:16:30 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.08.22 12:08:44 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008.08.18 15:14:48 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.10 15:42:31 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.10 15:22:59 000,111,608 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008.07.21 23:09:31 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2008.07.14 16:16:31 000,000,680 | ---- | C] () -- C:\Users\Michi\AppData\Local\d3d9caps.dat
[2008.07.14 16:06:01 000,001,191 | ---- | C] () -- C:\Windows\eReg.dat
[2008.07.12 16:56:22 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.07.09 20:29:45 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.07.09 17:17:35 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.07.08 16:38:10 000,183,296 | ---- | C] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.12 19:36:38 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.06.06 00:55:07 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.06.06 00:55:07 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe
[2008.06.06 00:55:07 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini
[2008.06.06 00:51:06 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.06.06 00:42:27 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.05.16 06:50:46 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.05.16 06:50:46 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.16 06:50:44 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.05.16 06:50:43 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.04.12 06:41:20 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 06:30:20 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.03.28 20:22:04 000,001,024 RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.03.28 20:22:04 000,001,024 RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.03.28 19:29:19 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.03.28 19:25:31 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.03.28 19:21:05 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.03.28 19:21:05 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.03.28 19:19:46 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.03.28 11:58:20 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 08:15:58 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.26 21:56:28 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.11.14 15:17:34 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.11.06 21:19:28 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007.04.24 17:32:56 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.05 19:05:26 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 000,315,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 22:46:38 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011.02.13 18:22:53 000,000,000 | -HSD M] -- C:\Users\Michi\AppData\Roaming\.#
[2011.10.23 19:14:13 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\1&1 Mail Media GmbH
[2008.07.11 13:28:13 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Acer
[2008.03.28 19:43:38 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Acer GameZone Console
[2008.08.09 05:54:11 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Ashampoo
[2011.10.07 12:24:10 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\CPUControl
[2008.08.16 21:59:10 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Crazy Browser
[2008.07.14 16:12:47 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\DAEMON Tools
[2011.02.08 13:52:25 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\DAEMON Tools Lite
[2011.01.18 19:09:03 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\DonationCoder
[2008.07.10 15:12:12 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\eSobi
[2009.01.22 21:35:10 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\FinalBurner AudioCD Ripper
[2009.03.12 20:32:51 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\FloodLightGames
[2008.12.22 13:43:03 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Galcon
[2011.03.23 15:30:29 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\GrabPro
[2011.08.03 11:55:46 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\ICQ
[2011.12.10 14:26:25 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\kock
[2011.11.02 16:23:35 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\LolClient
[2009.09.14 13:33:24 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\OpenOffice.org
[2011.03.23 17:44:50 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Orbit
[2009.09.15 16:43:52 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\PlayFirst
[2011.03.23 15:26:44 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\ProgSense
[2010.10.26 21:44:13 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\ProtectDISC
[2011.08.03 17:58:51 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Steinberg
[2011.12.16 15:07:39 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\UAs
[2009.07.21 16:36:40 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Ubisoft
[2008.07.08 16:26:35 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Validity
[2011.04.29 12:49:36 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\Vodafone
[2011.12.10 14:26:25 000,000,000 | ---M] -- C:\Users\Michi\AppData\Roaming\xmldm
[2012.02.09 15:49:30 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.08.08 13:25:00 000,000,000 | -HSD M] -- C:\$RECYCLE.BIN
[2008.06.06 01:46:59 000,000,000 | ---M] -- C:\ACER
[2008.07.08 16:25:24 000,000,000 | ---M] -- C:\ACERSW
[2008.07.09 17:07:10 000,000,000 | ---M] -- C:\Anderes
[2009.10.04 13:19:13 000,000,000 | -HSD M] -- C:\Boot
[2008.06.06 01:03:56 000,000,000 | ---M] -- C:\CLSetup
[2012.01.04 22:25:33 000,000,000 | -HSD M] -- C:\Config.Msi
[2006.11.02 14:02:03 000,000,000 | -HSD M] -- C:\Documents and Settings
[2008.07.08 16:21:20 000,000,000 | -HSD M] -- C:\Dokumente und Einstellungen
[2008.03.28 19:12:56 000,000,000 | ---M] -- C:\Intel
[2008.03.28 19:45:25 000,000,000 RH-M] -- C:\MSOCache
[2012.01.03 21:54:54 000,000,000 R--M] -- C:\Program Files
[2011.11.02 10:20:27 000,000,000 | -H-M] -- C:\ProgramData
[2008.07.08 16:21:20 000,000,000 | -HSD M] -- C:\Programme
[2011.10.14 00:32:19 000,000,000 | -H-M] -- C:\Recycle.Bin
[2012.02.09 13:34:35 000,000,000 | -HSD M] -- C:\System Volume Information
[2008.07.12 17:13:27 000,000,000 | ---M] -- C:\TEMP
[2008.07.08 16:25:09 000,000,000 R--M] -- C:\Users
[2012.02.09 15:14:58 000,000,000 | ---M] -- C:\Windows
 
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
 
[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2008.01.21 03:23:01 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009.04.11 07:32:26 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2006.11.02 10:46:03 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008.10.29 07:20:29 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2007.09.29 21:03:32 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.09.29 21:03:12 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.09.29 21:03:12 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 21:03:12 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2008.01.21 03:23:23 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2009.04.11 07:28:23 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2006.11.02 10:50:13 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2008.01.21 03:24:50 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
[color=#A23BEC]< MD5 for: USER32.DLL  >[/color]
[2009.04.11 07:28:25 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008.01.21 03:24:49 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009.04.11 07:28:13 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
[color=#A23BEC]< MD5 for: WS2IFSL.SYS  >[/color]
[2008.01.21 03:24:47 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2008.07.14 16:13:05 000,717,296 | ---- | M] ()[b]Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\sptd.sys
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2008.01.21 04:14:18 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
 
[color=#A23BEC]< %USERPROFILE%\*.* >[/color]
[2009.09.14 16:17:01 000,000,853 | ---- | M] () -- C:\Users\Michi\.recently-used.xbel
[2012.02.09 16:01:18 004,718,592 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT
[2012.02.09 16:01:17 000,262,144 | -H-- | M] () -- C:\Users\Michi\ntuser.dat.LOG1
[2008.07.08 16:25:09 000,000,000 | -H-- | M] () -- C:\Users\Michi\ntuser.dat.LOG2
[2012.02.09 15:49:29 000,065,536 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.25 09:23:49 000,524,288 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.02.09 15:49:29 000,524,288 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.07.08 16:25:09 000,000,020 | -HS- | M] () -- C:\Users\Michi\ntuser.ini
 
[color=#A23BEC]< %USERPROFILE%\Local Settings\Temp\*.exe >[/color]
 
[color=#A23BEC]< %USERPROFILE%\Local Settings\Temp\*.dll >[/color]
 
[color=#A23BEC]< %USERPROFILE%\Application Data\*.exe >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >[/color]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\RequiredDebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream 99 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream 103 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream 101 bytes -> C:\ProgramData\TEMP:580E04D8

End of report 

Alt 09.02.2012, 16:59   #2
JimBob21
 
"Achtung: Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt."

Extras.txt:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.02.2012 15:58:59 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Michi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,26% Memory free
6,19 Gb Paging File | 5,92 Gb Available in Paging File | 95,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 12,44 Gb Free Space | 11,17% Space Free | Partition Type: NTFS
Drive D: | 105,90 Gb Total Space | 17,85 Gb Free Space | 16,86% Space Free | Partition Type: NTFS
Drive E: | 486,17 Mb Total Space | 311,50 Mb Free Space | 64,07% Space Free | Partition Type: FAT
 
Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BCB9A2F-BDDC-4322-9E7F-BAA8DB3A41ED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{18DFD707-78BB-43D4-9D37-0E052C0C1098}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1BC061C6-0A1E-41A6-89B4-215B9D05AC04}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1D01C083-0FD5-46FC-B2F9-82ED998CE7C6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2BC6733C-A0F6-42CA-87A8-39A803CF2478}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2DACCBBC-3D8F-43A8-ABBC-CF84E40A0808}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{422F74D6-C7E0-4D5E-BACA-362833257E5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{502B71DD-C4F0-4FD2-A494-7F5F17CBD3F7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{578331AA-0DBC-42C1-B75B-AF54B8DB38A3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5E1EE19F-699D-4B3E-A9E6-D6D6165FF09A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5FA06081-510E-4481-8523-4C71140A175B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6D0977E5-ACE7-4B7F-A23E-946E517CCEDA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6D6A4FD5-7403-447E-BD22-C59F934B53F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7B5C01E7-14BB-4561-874A-214BC716A909}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7FA15885-562D-40EC-9DDE-8C8EDE096E17}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8663E336-C9FE-424C-895F-51E2ADE07344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8817E89D-7BEC-4CFE-A8F8-8DE524383E4B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A0E9B23F-B8A2-44F2-A666-7CBEBF711823}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A9347191-50FD-4A79-BCFA-E618D5B3FDE8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B68BAB3A-7CDB-47E4-8288-957A505CC041}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6C7BEA9-E0EA-45E2-9B6E-22902A1F1601}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BA7C17DF-368C-4FBC-A72D-7DFAC9B926CB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BB6B635C-49E4-4D01-BCB7-82DB4495C6EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BD77C8B6-E2FE-4536-8A32-DC90E19A2F57}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C586C619-13E7-4526-9C4A-8374F24DFD31}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C749CF17-9E7F-4ADB-A5B9-D6B8691BBFA1}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{D3118657-4769-454D-ABDD-13807A8CB4B9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FCBE4470-59C7-4833-9833-EBFB2D05835C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04210FEA-D621-4AC6-9706-42FE387FB187}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{08E5F393-BED8-486A-AD7F-769E3F6A1579}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0CFEB6DC-A5D9-4D88-8F33-CDCE4A4E77BD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{121D0D94-C9B7-4FD3-BC2C-17862593AF62}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{1933C5E3-B32C-432A-8E82-AF50E29D1A6E}" = protocol=6 | dir=in | app=d:\spiele\anno 1404 - dawn of discovery\tools\anno4web.exe | 
"{1CF98279-1E48-4A8C-8A01-358ADBEE80FE}" = protocol=6 | dir=in | app=d:\spiele\anno 1404 - dawn of discovery\anno4.exe | 
"{1F33EFA3-43C5-4B73-B218-84C4D579D1F0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{274B00B2-47A6-47D1-9B75-D109516882E3}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii beta\starcraft ii.exe | 
"{29455BA8-EA81-4664-949E-A303C17B25C9}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{29EB2ECF-A464-4701-AE5A-4752B4A520EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2B036B52-512B-41AE-B259-84994FA6DBB8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{3060155D-9704-4482-841A-598A1DC68F08}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{35288F3D-1737-497C-8237-9040265B6E49}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{3CD3E0C5-3C00-4151-8894-8D3C7FDA4EA2}" = protocol=6 | dir=in | app=d:\spiele\dragon age\daoriginslauncher.exe | 
"{40D4CD0E-9E4A-4F97-9135-0AA6D7FE1F47}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{40E077C9-1737-4AE7-BB56-957629079CB5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{41BBE809-1548-4A38-9D8F-3FAF4BCDBC33}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{49E7C65E-6B52-4F1A-ABF4-BCE027275ECF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{51F12135-5E2C-4542-A1B1-9389103868A0}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{53F43FDE-9829-47E9-A5D5-AF5D5461B436}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{54B4FB10-8D01-4CEC-BE22-9CA8B350636B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{56149AE9-F2D4-40F7-AB47-6A3454426633}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{5C72302E-B6D7-435B-AF55-D0B3451E5C6A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{61EC266C-2362-4F4C-BE23-9B6668FE2C97}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{64F7AB79-9109-4CA3-A336-38F54FF6128C}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{663B6DF3-C8BF-45C3-BBC7-3E6CFB338731}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{693527D4-7CD6-4653-8149-9CCB51121BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6AC2BE6D-C85E-41F7-A8B3-3E27EAFA2E35}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{6B43F165-0624-4B08-AB17-19471952A5D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6CAACFB8-40B9-453E-94D3-9517AAC6FEA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6CF84A31-FD40-4E58-9F9D-0D29B8DE81CF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{70BEE19C-671C-4B76-BB85-EE2A39D7AF0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{75309331-C730-4461-979D-33E9F1365B1D}" = protocol=6 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | 
"{7706C3EC-0215-4467-9E92-DA68998F3C80}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CF32B2A-7A4B-465A-85D0-08113CED40B8}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii beta\starcraft ii.exe | 
"{7E3439EA-BD64-40ED-B156-76CF667CFC96}" = protocol=6 | dir=in | app=d:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{810F548C-9793-4935-8C88-181EED29B47F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{85D75BC6-C4E4-406F-A713-0F22E1DD6D01}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{87A07541-4DD3-4A92-9E08-15DDE5FC5DA2}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii beta\support\blizzarddownloader.exe | 
"{8907C116-F804-4121-BD3C-7A680165EF85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8D8EDE60-F036-4B3D-93D1-67C2B43B9F2A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{8DD39A89-72A1-4216-8EFD-651F71A12E88}" = protocol=17 | dir=in | app=d:\spiele\dragon age\bin_ship\daupdatersvc.service.exe | 
"{9260B7EF-B304-4F6D-9CBA-980E2EE4254B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{992797C5-0800-45CC-8B43-F00B13717B48}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{9927DE4E-6133-4213-9188-0BF29508E69C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9B25DF26-A70E-469E-9089-9DFC9FFE9649}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B1EC0C6C-EC1C-496B-AD5A-098773C8E618}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5ED9CDB-0767-41A9-B664-AA9B031F2EC4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B8E2F2BE-3A44-4E2A-A167-B0E4EB0DC812}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{B934CA55-CEA6-418C-9F7D-DF83B0C9C648}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{BACD07EE-6DFA-4A8E-B3FC-A9B77615338B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{BDA86739-4D10-4AC6-A339-5C8D606C3509}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii beta\support\blizzarddownloader.exe | 
"{C4D0717A-00BE-41CE-8EFF-F62F35B99CB1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C6342978-2FF0-4DA9-AAC4-219ED4EE3935}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{C92A06DD-34C1-48E2-829A-27CBD6D0BFB0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C936502D-74D6-4F9C-97D5-A09C2BEF0118}" = protocol=17 | dir=in | app=d:\spiele\anno 1404 - dawn of discovery\anno4.exe | 
"{CE31D2E4-8C53-4D15-BD94-2B770FA273D4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{CF796520-13DB-4F3E-92A7-44FF23EB990E}" = protocol=6 | dir=out | app=system | 
"{D0FE1C55-B62E-4EFC-A283-7B36CF32EFC9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D26AB9D1-DA7D-4DFE-B9E2-7C0458AEEFE8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{D4ED0083-C577-4B1B-A674-857E5D35758A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6331814-6F25-4F97-A462-E78E1ADEF660}" = protocol=17 | dir=in | app=d:\spiele\anno 1404 - dawn of discovery\tools\anno4web.exe | 
"{DA690005-460A-4332-B3D9-068468F17D5D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{E202E5BC-E4ED-419C-A15C-EB25C3116EA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5B4816F-206F-45D8-9B24-FE10703CF31E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{E72433FE-4929-4D20-B3E4-8ADE7EB697E0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E7E96016-4EDA-4220-9576-2E1E4340AB79}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{E9E47F72-3768-49F7-9187-F264C7B7D1E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E9EF6D5B-7B6D-44B6-9771-190A2ACB5F16}" = protocol=17 | dir=in | app=d:\spiele\dragon age\daoriginslauncher.exe | 
"{EBC6673B-A1DB-40F9-9372-98BD88D3FC0C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{EE15AF32-D818-4625-8554-ABC7F5CB1E47}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{EF9F5384-5D83-4139-8A64-588F03EDA28D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{F3F60096-3666-4E43-90FA-3BA8BEDE86D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5CEF4B1-45CB-4348-B7FF-E1D126B880DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F86351C6-8284-4C1A-8BEB-EDC4CF3BE44A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F97B5013-767F-446D-8F95-7F3A30A45ACC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FD319E96-FDED-49E3-AD25-00A01BB5D432}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{FF7057ED-D72A-4CE3-A099-346267F64152}" = protocol=17 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{09CF2D8A-CD3F-4DCE-856A-C512465ADE68}D:\spiele\codename eagle\ce 1.42\iplist.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\iplist.exe | 
"TCP Query User{0A12F0C4-2B07-4751-8CDE-D4AE1BF76FB1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{0E63E5D7-942F-4681-BF48-9796ABEB8D99}D:\spiele\homm iii\h3blade.exe" = protocol=6 | dir=in | app=d:\spiele\homm iii\h3blade.exe | 
"TCP Query User{1185A42C-9970-4922-9D09-65B1667B8293}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{18246D44-30CC-4862-A62B-162BD9E3818D}D:\spiele\cs1.6\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs1.6\hl.exe | 
"TCP Query User{1A0D73BC-B505-432C-8400-4F9679218985}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"TCP Query User{21FA885B-4C55-49C6-9D44-07C77AA8EB12}D:\spiele\cs1.6\hl.exe" = protocol=6 | dir=in | app=d:\spiele\cs1.6\hl.exe | 
"TCP Query User{2D0EE15E-A528-49A8-900F-067D5CAE89CC}D:\spiele\warcraft iii original\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii original\war3.exe | 
"TCP Query User{2F050F66-B59F-4429-AAB6-7B3E9BB5AA61}D:\spiele\freelancer\exe2\freelancer.exe" = protocol=6 | dir=in | app=d:\spiele\freelancer\exe2\freelancer.exe | 
"TCP Query User{3F2318E0-6312-448A-B05E-314684874634}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{46F5559D-A69A-4EE2-B79C-2C9497279A39}D:\spiele\aoe 2\age2_x1.exe" = protocol=6 | dir=in | app=d:\spiele\aoe 2\age2_x1.exe | 
"TCP Query User{4C5095A6-3B2B-44C8-B048-0C96B6E345FC}D:\spiele\warcraft iii original\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii original\war3.exe | 
"TCP Query User{5231DCE8-2FAC-42FD-BFFA-4A3AAE1AE7A1}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{5D70AF6E-4DBD-4240-85DD-515E200561FB}D:\spiele\warhammer 40000 dawn of war\w40k.exe" = protocol=6 | dir=in | app=d:\spiele\warhammer 40000 dawn of war\w40k.exe | 
"TCP Query User{6067F411-E203-46CE-8B76-524FD8D2EF96}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{61D9E951-BCEF-4701-B168-721562598B79}D:\spiele\renegade\game.exe" = protocol=6 | dir=in | app=d:\spiele\renegade\game.exe | 
"TCP Query User{6A1F497E-48B7-4EF5-BCAB-6BF9AC8E1087}D:\spiele\vietcong\vietcong.exe" = protocol=6 | dir=in | app=d:\spiele\vietcong\vietcong.exe | 
"TCP Query User{70C79276-D434-4B05-AD2D-68C91AE48397}D:\spiele\warcraft iii original\pickup.listchecker.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii original\pickup.listchecker.exe | 
"TCP Query User{7E6A7F4C-BCB6-468D-B2C5-269FC408C7F5}D:\spiele\counterstrike 1.6\hltv.exe" = protocol=6 | dir=in | app=d:\spiele\counterstrike 1.6\hltv.exe | 
"TCP Query User{829F3ABB-197D-4F2A-A685-1FE7B3C6B59B}D:\spiele\codename eagle\ce 1.42\lobby.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\lobby.exe | 
"TCP Query User{9A12CC94-2994-4AB2-89FE-943B69E5AAC3}D:\spiele\call of duty ii\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty ii\cod2mp_s.exe | 
"TCP Query User{9EB940A5-8EF2-497A-818B-FF6DB5BB02A7}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{A655C730-C463-4A2E-A436-5328DF0E0F7D}D:\spiele\vietcong\vietcong.exe" = protocol=6 | dir=in | app=d:\spiele\vietcong\vietcong.exe | 
"TCP Query User{A8C06EC3-199E-44DB-A16E-FB216D42D4A5}D:\spiele\codename eagle\ce 1.42\lobby.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\lobby.exe | 
"TCP Query User{A9B98AB7-7843-441F-9A76-B192CBDBD773}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"TCP Query User{B7E9C274-AB78-4068-AC08-F46EF8B250E9}D:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"TCP Query User{BA3146DD-142C-454C-8AC3-1A36FE6776C2}D:\spiele\13th century - death or glory\engine.exe" = protocol=6 | dir=in | app=d:\spiele\13th century - death or glory\engine.exe | 
"TCP Query User{BDDDAE98-77A7-4A00-9594-549043FE8646}D:\spiele\galcon\main.exe" = protocol=6 | dir=in | app=d:\spiele\galcon\main.exe | 
"TCP Query User{C1E223DC-9680-49AB-A07C-3D72AD1DE369}D:\spiele\codename eagle\ce 1.42\ce.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\ce.exe | 
"TCP Query User{C8CCF0D7-61FC-44D6-97AE-849C3338FB38}D:\spiele\codename eagle\ce 1.42\ce.exe" = protocol=6 | dir=in | app=d:\spiele\codename eagle\ce 1.42\ce.exe | 
"TCP Query User{CCA1BB07-0832-475D-9505-3870BE6F607A}D:\spiele\cs1.6\hltv.exe" = protocol=6 | dir=in | app=d:\spiele\cs1.6\hltv.exe | 
"TCP Query User{CDE9AF7E-6E84-4F44-86F3-4EB8D0B0A314}D:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{CE66D768-5153-48AD-A26E-C7BB1C7AF38D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{E1B62082-6CF0-486E-881C-51230DCB9F42}D:\spiele\warcraft iii original\pickup.listchecker.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii original\pickup.listchecker.exe | 
"TCP Query User{E1DDEE02-F3FD-4A10-BF49-E03A7C9DA3F8}D:\spiele\galcon\main.exe" = protocol=6 | dir=in | app=d:\spiele\galcon\main.exe | 
"TCP Query User{E46478C5-A6D6-4D11-83C9-F7B09D4DA910}D:\spiele\warcraft iii kurz vor blödem patch (richtig)\war3.exe" = protocol=6 | dir=in | app=d:\spiele\warcraft iii kurz vor blödem patch (richtig)\war3.exe | 
"TCP Query User{E6EBA7EA-645D-4A29-9239-917FA22BD161}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{ED116785-C87D-49EA-852A-FFEB006E2407}D:\spiele\aoe 2\spcrack.exe" = protocol=6 | dir=in | app=d:\spiele\aoe 2\spcrack.exe | 
"TCP Query User{F291FACB-59C1-433B-A24A-A98C27DEF110}D:\spiele\dk ii\dkii.exe" = protocol=6 | dir=in | app=d:\spiele\dk ii\dkii.exe | 
"TCP Query User{F5C795D2-14BC-4CAC-A808-67FDA36AC70A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{FF4B6C6F-FCB7-46B5-8C14-CC225D199720}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{08DBCF96-38B9-453E-A224-3DEFC604D0AE}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{1ADC32F8-BE3D-43ED-B97C-7050B0925506}D:\spiele\freelancer\exe2\freelancer.exe" = protocol=17 | dir=in | app=d:\spiele\freelancer\exe2\freelancer.exe | 
"UDP Query User{1FBA1C99-AEB4-4AD5-8D96-DFFC4F52E8B2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{21915928-E951-4924-B73B-545A24EA2DF9}D:\spiele\codename eagle\ce 1.42\ce.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\ce.exe | 
"UDP Query User{28DC6E8B-D771-4D1D-903E-DF8F5D0749B7}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{34AEB369-BED6-4C36-9A86-548246413909}D:\spiele\warcraft iii original\pickup.listchecker.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii original\pickup.listchecker.exe | 
"UDP Query User{34DB0A9B-9764-4CB5-9EF6-297F8C3BA828}D:\spiele\call of duty ii\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty ii\cod2mp_s.exe | 
"UDP Query User{3594B206-3D56-4038-A8F3-068B8CFAA47B}D:\spiele\warhammer 40000 dawn of war\w40k.exe" = protocol=17 | dir=in | app=d:\spiele\warhammer 40000 dawn of war\w40k.exe | 
"UDP Query User{382F61E3-2FC1-4490-BF8E-443D59AFC581}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3AF52015-2F46-497F-863A-374AAA70B866}D:\spiele\13th century - death or glory\engine.exe" = protocol=17 | dir=in | app=d:\spiele\13th century - death or glory\engine.exe | 
"UDP Query User{405ED813-B761-4ACE-8510-31D46EC4C228}D:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\spiele\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{4974F2F3-97B2-46F5-BFB0-CC604F13905D}D:\spiele\warcraft iii original\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii original\war3.exe | 
"UDP Query User{5F511B0F-F8AB-41AB-899A-1EC16E761FCC}D:\spiele\cs1.6\hltv.exe" = protocol=17 | dir=in | app=d:\spiele\cs1.6\hltv.exe | 
"UDP Query User{62B85A85-09D3-436F-ACAD-03CA5B8C0E96}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{668C6FA3-687F-4386-93DF-E047CA2ABE16}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{672119E9-E229-4736-B681-89CD70FC15CF}D:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii\war3.exe | 
"UDP Query User{6BCE4465-E781-4E95-B9D9-C3BE866F074C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{71B82035-1794-46EC-8E12-949F0505EC29}D:\spiele\vietcong\vietcong.exe" = protocol=17 | dir=in | app=d:\spiele\vietcong\vietcong.exe | 
"UDP Query User{84FDDBBE-9FFC-4537-9440-35CA1255B3C4}D:\spiele\codename eagle\ce 1.42\lobby.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\lobby.exe | 
"UDP Query User{87DCBC23-485A-4B28-859B-76D4EFE1D986}D:\spiele\cs1.6\hl.exe" = protocol=17 | dir=in | app=d:\spiele\cs1.6\hl.exe | 
"UDP Query User{8B8C413F-0EB1-49A5-BF9D-DB531C938D9F}D:\spiele\codename eagle\ce 1.42\ce.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\ce.exe | 
"UDP Query User{8F8012FA-F18F-4596-A7FB-A5A21CA790E3}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{908B812D-A51C-4D34-AFD9-2CCB9CDECC46}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{96334E5B-AAEB-43DD-8AB2-59C0EC9D6F3A}D:\spiele\aoe 2\spcrack.exe" = protocol=17 | dir=in | app=d:\spiele\aoe 2\spcrack.exe | 
"UDP Query User{A0CFC53A-8245-4C36-A864-347795C8F806}D:\spiele\counterstrike 1.6\hltv.exe" = protocol=17 | dir=in | app=d:\spiele\counterstrike 1.6\hltv.exe | 
"UDP Query User{B28F1F1A-28EF-4749-909F-6357FE910429}D:\spiele\cs1.6\hl.exe" = protocol=17 | dir=in | app=d:\spiele\cs1.6\hl.exe | 
"UDP Query User{B3767C66-C50D-468E-8146-3501DBDA9327}D:\spiele\aoe 2\age2_x1.exe" = protocol=17 | dir=in | app=d:\spiele\aoe 2\age2_x1.exe | 
"UDP Query User{B54A0FA7-0ACC-4544-8A43-D27EEEB455DC}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"UDP Query User{BB7B4992-64A8-4F66-9A8A-6F8F82208EC1}D:\spiele\renegade\game.exe" = protocol=17 | dir=in | app=d:\spiele\renegade\game.exe | 
"UDP Query User{C46F037A-2770-4963-BA3E-E89425DCC1F7}D:\spiele\warcraft iii original\pickup.listchecker.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii original\pickup.listchecker.exe | 
"UDP Query User{C8ADBCCA-DD77-48CA-B321-6B1573D3C9FE}D:\spiele\galcon\main.exe" = protocol=17 | dir=in | app=d:\spiele\galcon\main.exe | 
"UDP Query User{C96AA8AA-9D85-4B88-B650-D9D7589BB624}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{CB147287-156C-4356-BCBB-931B9701DFA2}D:\spiele\dk ii\dkii.exe" = protocol=17 | dir=in | app=d:\spiele\dk ii\dkii.exe | 
"UDP Query User{D85F26A7-24AE-42E4-8A27-F6E6CF8C9425}D:\spiele\warcraft iii original\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii original\war3.exe | 
"UDP Query User{D94FD66D-0E07-4C4D-BBD5-9EAAA6B74846}D:\spiele\warcraft iii kurz vor blödem patch (richtig)\war3.exe" = protocol=17 | dir=in | app=d:\spiele\warcraft iii kurz vor blödem patch (richtig)\war3.exe | 
"UDP Query User{E143DAC6-F57B-44AC-8D55-5757C74BCE4C}D:\spiele\homm iii\h3blade.exe" = protocol=17 | dir=in | app=d:\spiele\homm iii\h3blade.exe | 
"UDP Query User{E2314880-BC38-4FD2-939B-766F08BEBD06}D:\spiele\codename eagle\ce 1.42\lobby.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\lobby.exe | 
"UDP Query User{E4C9D7B7-E6A1-42E1-9944-591DDA576B5F}D:\spiele\codename eagle\ce 1.42\iplist.exe" = protocol=17 | dir=in | app=d:\spiele\codename eagle\ce 1.42\iplist.exe | 
"UDP Query User{EAFC67BF-A309-49D4-AD78-5B079AFCAD12}D:\spiele\vietcong\vietcong.exe" = protocol=17 | dir=in | app=d:\spiele\vietcong\vietcong.exe | 
"UDP Query User{F2D36EB0-E12F-4662-94F9-16766820A26E}D:\spiele\galcon\main.exe" = protocol=17 | dir=in | app=d:\spiele\galcon\main.exe | 
"UDP Query User{FAD5495A-53EE-4F06-BE63-9A8B8DA9DD24}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0A1984C3-5036-5B5F-F18E-16453EF5A6E1}" = Catalyst Control Center Localization Swedish
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{155BBB23-C7A5-223C-3B33-289089D6E0A2}" = Catalyst Control Center Localization Finnish
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19B4BDE9-0F2B-44FF-FDC4-987E1B33D03C}" = CCC Help English
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24F149E4-D897-9046-48A5-87CD67F81865}" = CCC Help Polish
"{25C1AF96-1F59-A1CE-3135-B38AFAA5C614}" = CCC Help Czech
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26E2E4FB-F26A-549E-5496-14BAE4E2BA67}" = Catalyst Control Center Graphics Full Existing
"{27B7371A-7AA2-CC5B-6377-72161660F0BE}" = CCC Help Chinese Traditional
"{29F3D466-E05F-CBB6-63E9-01C85C083FCD}" = CCC Help French
"{2CB2E1AE-B62A-3F43-9DD0-EF73467977AC}" = Catalyst Control Center Localization Hungarian
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{30BDD0BE-6A51-6DDD-197D-EFCE3B0EF79D}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{358C26F2-5B99-A7E9-18CF-2AE6BC97289B}" = Catalyst Control Center Localization Czech
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C277F75-605E-BFFE-4F87-27709C92370C}" = Catalyst Control Center Localization Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4BD4AA8B-3C63-26AB-1CA3-010475A9EA72}" = CCC Help Portuguese
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5262BAD6-5AB7-1490-A65C-D06368F07FF1}" = Catalyst Control Center Localization Italian
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53F44183-B716-8D7D-053E-CB8039B38E74}" = CCC Help Hungarian
"{5539EBB1-4BB9-21E5-921B-16E8886639D3}" = Catalyst Control Center Localization Chinese Traditional
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A89D38C-B9FE-ECFF-B90E-B9DEC8C8F2D8}" = Catalyst Control Center Localization Greek
"{5B1519C1-265C-C636-C414-F1E150B4F0AA}" = CCC Help Turkish
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{6184B5A4-1355-A8D6-CE24-8F7EE887CBF3}" = CCC Help Norwegian
"{650BDC60-79C7-383B-2E9C-B8FF3909A127}" = Catalyst Control Center Localization Spanish
"{653F6FEA-643C-457F-774A-64D4DAAE1028}" = Catalyst Control Center Graphics Previews Vista
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{790DA23A-126B-91A9-FAB7-13EF66724253}" = CCC Help Swedish
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DBDAAAB-8639-B59D-798A-32458B7380F9}" = Catalyst Control Center Localization Norwegian
"{7E96828D-B970-B1A9-3D9F-7EC3624785D0}" = Catalyst Control Center Localization German
"{7ECBF19A-78EC-1665-7E1C-B3E92B07F7CC}" = CCC Help Japanese
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80C1F369-F876-3D19-7816-B7800E7A6961}" = CCC Help Greek
"{827CFE4D-8687-9E1E-0A72-587BFF0B0D3A}" = CCC Help Thai
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect Lite
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF60AF6-B109-D3A4-4367-B3620CBA37A7}" = CCC Help Finnish
"{9ED61802-0F47-F846-FA23-67CE3E4BD427}" = CCC Help Italian
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A79CB508-2DD7-F717-8787-C6382C274082}" = Catalyst Control Center Graphics Light
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AACF5D06-EF3A-1941-3492-1E60589CA444}" = ccc-utility
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AE2C968B-8A14-ABA2-D742-14E575104BCD}" = Catalyst Control Center Localization Korean
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6988D5B-4325-F1F7-B0E5-C4CCCD01E6B8}" = Catalyst Control Center Localization Thai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B734B040-25BB-02CA-39BD-FD6D070EDDAB}" = Catalyst Control Center Localization Danish
"{B86EE516-7CB4-E4C3-8382-010D4F2807F5}" = CCC Help Korean
"{BB01F512-272A-3C70-DA60-884C8BBC39DD}" = Catalyst Control Center Localization Chinese Standard
"{BCB0CE1E-7510-3948-4834-99BBA689CF62}" = Catalyst Control Center Core Implementation
"{BD5106DF-C061-5736-F1A5-F114BAA63759}" = CCC Help Russian
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C03A43DF-CEE0-6D82-D2D3-781CCE1FC24E}" = Catalyst Control Center Localization Japanese
"{C76DAFAE-5E59-44AB-2764-70BC79E0D4B2}" = Skins
"{C8256DAF-828E-7E91-FB83-D900AA8E3C86}" = CCC Help Danish
"{C9429012-1CBE-E0CA-0955-CC53E0F2115F}" = CCC Help Chinese Standard
"{CB9B619A-EEA1-BFAB-6CA5-1FC655E2A0DA}" = Catalyst Control Center Localization Turkish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D013644E-F890-49A4-0DE9-8E4BBD18A406}" = ATI Catalyst Install Manager
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.58.429
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D7C49EC6-4DEA-7A7A-860D-78D613C68B8C}" = ccc-core-static
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{E08C03D7-AE05-0458-2D14-78F219316933}" = Catalyst Control Center Localization Dutch
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E4FD0200-A7DB-2D5A-B5B1-DBC0A184C9B2}" = Catalyst Control Center Localization Russian
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E9BA4A79-BD4C-52E3-F34F-85B1CC62EE15}" = Catalyst Control Center Localization Polish
"{E9D20FA4-7CA6-F243-A503-CA961CCD2277}" = CCC Help Spanish
"{EF9E54C1-2D5F-DDA8-8E7B-0CD3EF89C8E4}" = Catalyst Control Center Localization French
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F5A630D4-3D7D-6EEC-5DAE-41835DC0A1DA}" = Catalyst Control Center Graphics Full New
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FD2B6E20-5344-07B4-C210-B57611E02906}" = CCC Help Dutch
"Acer Acer Bio Protection 6.0.00.13" = Acer Bio Protection

AAV 6.0.00.13
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AP Tuner 3.08" = AP Tuner 3.08
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BIMPLite" = BIMP Lite 1.62
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Crazy Browser 3.0.0 RC1_is1" = Crazy Browser version 3.0.0 RC1
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dungeon Keeper 2" = Dungeon Keeper 2
"Galcon_is1" = Galcon 1.0
"GridVista" = Acer GridVista
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HaaliMkx" = Haali Media Splitter
"Hamachi" = Hamachi 1.0.3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"LManager" = Launch Manager
"Mediscript-CD GK1" = Mediscript-CD GK1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Network Addon Mod" = Network Addon Mod Version April 2008 deutsch
"Orbit_is1" = Orbit Downloader
"pdfsam" = pdfsam
"ScreenshotCaptor_is1" = Screenshot Captor 2.89.01
"Sobotta 22 - Atlas der Anatomie" = Sobotta 22 - Atlas der Anatomie
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.01 (Greengrass)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.7
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.05.2010 13:58:12 | Computer Name = Michi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.05.2010 13:58:25 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.05.2010 13:58:25 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.05.2010 17:15:43 | Computer Name = Michi-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.05.2010 05:09:07 | Computer Name = Michi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2010 05:09:13 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.05.2010 05:09:13 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.05.2010 07:36:38 | Computer Name = Michi-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.05.2010 07:36:48 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 13.05.2010 07:36:48 | Computer Name = Michi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         


09.02.2012, 19:13   #3
JimBob21



I think I made a mistake when uploading OTL.txt, since those green formatting characters show up everywhere in it, so here it is once more as an attachment. If those characters are meaningless, I apologize for the double post.

Kind regards

P.S. I am the only user that exists on the computer. Apparently I had not ticked the "scan all users" checkbox. Should I run it again?

Code:
OTL logfile created on: 09.02.2012 15:58:59 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Michi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 84,26% Memory free
6,19 Gb Paging File | 5,92 Gb Available in Paging File | 95,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 12,44 Gb Free Space | 11,17% Space Free | Partition Type: NTFS
Drive D: | 105,90 Gb Total Space | 17,85 Gb Free Space | 16,86% Space Free | Partition Type: NTFS
Drive E: | 486,17 Mb Total Space | 311,50 Mb Free Space | 64,07% Space Free | Partition Type: FAT
 
Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.16 14:22:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.30 22:25:44 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.01 09:28:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 15:46:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.25 01:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008.06.06 00:50:43 | 003,488,768 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.04.27 21:26:44 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.03.21 12:22:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 17:35:02 | 000,081,504 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 16:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.11 04:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.11.06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007.10.03 13:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.01 09:28:49 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 09:28:49 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.02.08 15:36:07 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2011.02.08 13:44:14 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009.08.18 12:06:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 12:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 12:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 12:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 12:06:44 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.08.18 12:06:44 | 000,009,216 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.07.21 16:01:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.21 16:01:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.17 22:03:01 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.07.14 16:13:05 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.06.06 00:50:38 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.05.08 18:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.05.02 16:27:48 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.04.27 21:27:10 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.04.11 10:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.21 09:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.03.11 12:38:00 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.02.29 08:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 17:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2008.01.08 20:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.12.18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.11.06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.09.28 11:47:48 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ixquick"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ixquick.com"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.03 23:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.16 10:51:51 | 000,000,000 | ---D | M]
 
[2008.07.09 20:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions
[2011.12.10 17:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\abcy3n4i.default\extensions
[2010.06.29 16:03:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\abcy3n4i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.11 18:30:21 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\abcy3n4i.default\extensions\moveplayer@movenetworks.com
[2011.12.04 09:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.16 15:12:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCY3N4I.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
() (No name found) -- C:\USERS\MICHI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ABCY3N4I.DEFAULT\EXTENSIONS\INFO@YOUTUBE-MP3.ORG.XPI
[2012.02.03 23:10:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.02.03 23:09:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 23:09:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.03 23:09:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 23:09:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 23:09:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 23:09:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Michi\AppData\Local\Mozilla\Firefox\firefox.exe (3M Touch Systems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66165F62-E6BB-4001-BF06-4889D5E6DED5}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD7856F4-D82E-4C02-8D42-4352438CF09B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O24 - Desktop WallPaper: C:\Users\Michi\Pictures\Wallpaper\Donavon 1 1280x1024.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michi\Pictures\Wallpaper\Donavon 1 1280x1024.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05338666-3363-11e0-ada5-00a0d1a71c70}\Shell - "" = AutoRun
O33 - MountPoints2\{05338666-3363-11e0-ada5-00a0d1a71c70}\Shell\AutoRun\command - "" = G:\AUTORUN.EXE
O33 - MountPoints2\{1339903c-65a4-11dd-bbfc-00a0d1a71c70}\Shell - "" = AutoRun
O33 - MountPoints2\{1339903c-65a4-11dd-bbfc-00a0d1a71c70}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{768c61f8-2019-11de-ad13-00a0d1a71c70}\Shell\AutoRun\command - "" = G:\ScopeViewer.exe
O33 - MountPoints2\{83c4db34-51b7-11dd-8ecc-00a0d1a71c70}\Shell - "" = AutoRun
O33 - MountPoints2\{83c4db34-51b7-11dd-8ecc-00a0d1a71c70}\Shell\AutoRun\command - "" = E:\autorun.exe -auto
O33 - MountPoints2\{8cf06e1b-7255-11e0-bc52-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{8cf06e1b-7255-11e0-bc52-00a0c6000000}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{caf341d8-c3ce-11de-a7be-00a0d1a71c70}\Shell - "" = AutoRun
O33 - MountPoints2\{caf341d8-c3ce-11de-a7be-00a0d1a71c70}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{e6192026-655e-11dd-b9c7-001de0c47b99}\Shell - "" = AutoRun
O33 - MountPoints2\{e6192026-655e-11dd-b9c7-001de0c47b99}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Programme\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: ePower_DMC - hkey= - key= - C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
MsConfig - StartUpReg: MobileConnect - hkey= - key= -  File not found
MsConfig - StartUpReg: Orb - hkey= - key= -  File not found
MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.09 15:36:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2012.02.05 18:40:58 | 000,000,000 | ---D | C] -- C:\Users\Michi\Desktop\Bilder
[3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michi\AppData\Roaming\*.tmp files -> C:\Users\Michi\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.09 15:52:43 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.09 15:52:43 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.09 15:52:43 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.09 15:52:43 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.09 15:50:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.09 15:49:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.09 15:48:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.02.09 15:48:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.09 15:48:45 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[3 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Michi\AppData\Roaming\*.tmp files -> C:\Users\Michi\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.10 14:26:33 | 000,000,036 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\blckdom.res
[2011.10.14 00:32:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.01.18 19:09:03 | 000,000,058 | ---- | C] () -- C:\Users\Michi\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.03.15 19:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010.02.07 14:57:11 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2009.09.24 10:25:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 10:25:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.21 16:01:05 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.21 16:01:05 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.04.08 16:46:18 | 000,000,202 | ---- | C] () -- C:\Windows\System32\IC32.INI
[2009.01.22 21:15:11 | 000,001,910 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2008.12.23 17:37:49 | 000,000,771 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\coreavc.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.16 01:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.16 01:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.30 18:16:30 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.08.22 12:08:44 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008.08.18 15:14:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.10 15:42:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.10 15:22:59 | 000,111,608 | ---- | C] () -- C:\Windows\War3Unin.dat
[2008.07.21 23:09:31 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2008.07.14 16:16:31 | 000,000,680 | ---- | C] () -- C:\Users\Michi\AppData\Local\d3d9caps.dat
[2008.07.14 16:06:01 | 000,001,191 | ---- | C] () -- C:\Windows\eReg.dat
[2008.07.12 16:56:22 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.07.09 20:29:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.07.09 17:17:35 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2008.07.08 16:38:10 | 000,183,296 | ---- | C] () -- C:\Users\Michi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.12 19:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.06.06 00:55:07 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008.06.06 00:55:07 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe
[2008.06.06 00:55:07 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini
[2008.06.06 00:51:06 | 001,548,099 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.06.06 00:42:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.05.16 06:50:46 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.05.16 06:50:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.16 06:50:44 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.05.16 06:50:43 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.04.12 06:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 06:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.03.28 20:22:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.03.28 20:22:04 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.03.28 19:29:19 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.03.28 19:25:31 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.03.28 19:21:05 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.03.28 19:21:05 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.03.28 19:19:46 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008.03.28 11:58:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.21 08:15:58 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.11.06 21:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007.04.24 17:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,315,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2011.02.13 18:22:53 | 000,000,000 | -HSD | M] -- C:\Users\Michi\AppData\Roaming\.#
[2011.10.23 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\1&1 Mail & Media GmbH
[2008.07.11 13:28:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Acer
[2008.03.28 19:43:38 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Acer GameZone Console
[2008.08.09 05:54:11 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Ashampoo
[2011.10.07 12:24:10 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\CPUControl
[2008.08.16 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Crazy Browser
[2008.07.14 16:12:47 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DAEMON Tools
[2011.02.08 13:52:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DAEMON Tools Lite
[2011.01.18 19:09:03 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DonationCoder
[2008.07.10 15:12:12 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\eSobi
[2009.01.22 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\FinalBurner AudioCD Ripper
[2009.03.12 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\FloodLightGames
[2008.12.22 13:43:03 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Galcon
[2011.03.23 15:30:29 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\GrabPro
[2011.08.03 11:55:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ICQ
[2011.12.10 14:26:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\kock
[2011.11.02 16:23:35 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\LolClient
[2009.09.14 13:33:24 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\OpenOffice.org
[2011.03.23 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Orbit
[2009.09.15 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\PlayFirst
[2011.03.23 15:26:44 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ProgSense
[2010.10.26 21:44:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ProtectDISC
[2011.08.03 17:58:51 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Steinberg
[2011.12.16 15:07:39 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\UAs
[2009.07.21 16:36:40 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Ubisoft
[2008.07.08 16:26:35 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Validity
[2011.04.29 12:49:36 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Vodafone
[2011.12.10 14:26:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\xmldm
[2012.02.09 15:49:30 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.08 13:25:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2008.06.06 01:46:59 | 000,000,000 | ---D | M] -- C:\ACER
[2008.07.08 16:25:24 | 000,000,000 | ---D | M] -- C:\ACERSW
[2008.07.09 17:07:10 | 000,000,000 | ---D | M] -- C:\Anderes
[2009.10.04 13:19:13 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.06.06 01:03:56 | 000,000,000 | ---D | M] -- C:\CLSetup
[2012.01.04 22:25:33 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.07.08 16:21:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.03.28 19:12:56 | 000,000,000 | ---D | M] -- C:\Intel
[2008.03.28 19:45:25 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.01.03 21:54:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.02 10:20:27 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.07.08 16:21:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.14 00:32:19 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin
[2012.02.09 13:34:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.07.12 17:13:27 | 000,000,000 | ---D | M] -- C:\TEMP
[2008.07.08 16:25:09 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.09 15:14:58 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 21:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.09.29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.09.29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.07.14 16:13:05 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2009.09.14 16:17:01 | 000,000,853 | ---- | M] () -- C:\Users\Michi\.recently-used.xbel
[2012.02.09 16:01:18 | 004,718,592 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT
[2012.02.09 16:01:17 | 000,262,144 | -H-- | M] () -- C:\Users\Michi\ntuser.dat.LOG1
[2008.07.08 16:25:09 | 000,000,000 | -H-- | M] () -- C:\Users\Michi\ntuser.dat.LOG2
[2012.02.09 15:49:29 | 000,065,536 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.25 09:23:49 | 000,524,288 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.02.09 15:49:29 | 000,524,288 | -HS- | M] () -- C:\Users\Michi\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.07.08 16:25:09 | 000,000,020 | -HS- | M] () -- C:\Users\Michi\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8

< End of report >
         
__________________

Edited by JimBob21 (09.02.2012 at 19:16). Reason: see postscript
