Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 15.03.2012, 12:09   #1
junkdiesel
 
Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Standard

Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung



Guten Tag, Forum.
Ich sitze hier gerade am befallenen Laptop einer Freundin. Sie wurde ebenfalls Opfer dieses Trojaners, der offensichtlich gerade umgeht. Er tritt nur auf, wenn eine Verbindung zum Internet besteht. Es erscheint dann nach einiger Zeit ein Blackscreen mit roter Schrift, die einen freundlich, aber bestimmt, darauf hinweist, dass man doch bitte bezahlen solle, um Windows wieder freizuschalten. Sie kann mir nicht genau sagen, wodurch sie sich ihn eingefangen hat. Ihrer Angabe zufolge besuchte sie, als der Trojaner zum ersten Mal auftauchte, irgendeine Seite zu einer Suppe (sic!). Ist eben ein gutes Mädchen und um unser leibliches Wohl besorgt. Illegales Streaming hat sie auf diesem Notebook ebenfalls nicht wahrgenommen. Wie gesagt, Suppenseite. War wohl ein Haar drin.
Da ich keinen manuellen Workaround gefunden habe und kein Spezialist bei Trojanern bin, wende ich mich an euch.

Es handelt sich um Windows Vista. Anbei die Logfiles von OTL:

Code:
ATTFilter
OTL logfile created on: 15.03.2012 11:34:33 - Run 2
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\Media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,46% Memory free
4,22 Gb Paging File | 3,87 Gb Available in Paging File | 91,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 55,91 Gb Free Space | 49,97% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 58,71 Gb Free Space | 52,89% Space Free | Partition Type: NTFS
 
Computer Name: LENA | User Name: Media | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.15 10:57:36 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Downloads\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.12 12:46:06 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Media\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.06.28 10:54:42 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006.10.26 06:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.02.17 14:30:47 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.12 07:24:12 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009.11.28 20:33:03 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2008.09.30 03:40:24 | 000,050,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008.02.25 09:59:12 | 000,101,504 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.10.31 17:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.10.17 07:48:46 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2007.06.06 07:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 09:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2002.09.19 21:07:50 | 000,034,683 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Pei16Wdm.sys -- (Pei16Wdm)
DRV - [2002.08.15 09:20:04 | 000,035,547 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Pei10Wdm.sys -- (Pei10Wdm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.gmx.net/home [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1
IE - HKCU\..\SearchScopes\{0F7848E4-A58F-4560-A967-30A39B5AEE73}: "URL" = hxxp://go.web.de.anonymize-me.de/?anonymto=687474703A2F2F676F2E7765622E64652F73756368626F782F736D61727473686F7070696E672F3F736561726368546578743D7B7365617263685465726D737D266D633D736561726368706C7567696E407375636865406D7369652E7375636865407072656973766572676C65696368&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1
IE - HKCU\..\SearchScopes\{16930AA1-A2FB-409A-A8AC-E82EF31245D8}: "URL" = hxxp://suche.gmx.net.anonymize-me.de/?anonymto=687474703A2F2F73756368652E676D782E6E65742F7365617263682F7765622F3F73753D7B7365617263685465726D737D266D633D736561726368706C7567696E407375636865406D7369652E737563686540776562266F726967696E3D736561726368706C7567696E&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1
IE - HKCU\..\SearchScopes\{2B66E389-188A-4BA2-A7AD-8C2E7C8BFD95}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1
IE - HKCU\..\SearchScopes\{3277EDF5-32BF-4DB0-8E20-13973343AC48}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1
IE - HKCU\..\SearchScopes\{382442B4-5F66-443C-AEAB-A8A196BD03F4}: "URL" = hxxp://search.1und1.de.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E31756E64312E64652F7365617263682F7765622F3F73753D7B7365617263685465726D737D266D633D736561726368706C7567696E407375636865406D7369652E737563686540776562266F726967696E3D736561726368706C7567696E&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1
IE - HKCU\..\SearchScopes\{3E3753DF-9236-4B39-BE54-5178DA4C4F05}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1
IE - HKCU\..\SearchScopes\{71E91FCD-1183-4319-A931-BC4C8B4080AC}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{C08EEB79-375C-4D2C-BD3E-CDE9F85720DC}: "URL" = hxxp://suche.web.de.anonymize-me.de/?anonymto=687474703A2F2F73756368652E7765622E64652F7365617263682F7765622F3F73753D7B7365617263685465726D737D266D633D736561726368706C7567696E407375636865406D7369652E737563686540776562266F726967696E3D736561726368706C7567696E&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1
IE - HKCU\..\SearchScopes\{C92BF729-1CF1-40C4-BA59-4746E3ADD2B9}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1
IE - HKCU\..\SearchScopes\{EB998A27-7B24-47D2-88F0-8B974D7BA75A}: "URL" = hxxp://go.gmx.net.anonymize-me.de/?anonymto=687474703A2F2F676F2E676D782E6E65742F73756368626F782F616D617A6F6E2F3F6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1
IE - HKCU\..\SearchScopes\{F6A790E4-19F0-4108-8B02-7DE8B41C6F58}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "GMX Suche"
FF - prefs.js..browser.search.order.2: "WEB.DE Suche"
FF - prefs.js..browser.search.order.3: "1und1 Suche"
FF - prefs.js..browser.search.order.4: "amazon.de"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.mieser-kerwe.de/neu/"
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.mieser-kerwe.de/neu/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.21 17:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 20:54:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.16 21:35:20 | 000,000,000 | ---D | M]
 
[2009.02.25 19:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions
[2011.07.25 17:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\mesxwzfk.default\extensions
[2010.04.27 19:55:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\mesxwzfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.08 13:27:21 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\mesxwzfk.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2010.04.27 17:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\mesxwzfk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.12 12:46:13 | 000,005,757 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\1und1-suche.xml
[2011.06.12 12:46:13 | 000,001,558 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\amazonde.xml
[2009.10.19 18:29:44 | 000,002,515 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\askcom.xml
[2011.06.12 12:46:13 | 000,010,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\gmx-suche.xml
[2011.06.12 12:46:13 | 000,001,097 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\icqplugin-1.xml
[2011.06.12 12:46:13 | 000,001,114 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\icqplugin.xml
[2011.06.12 13:16:10 | 000,001,266 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\kikin-search.xml
[2011.06.12 12:46:13 | 000,004,220 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\sweetim.xml
[2011.06.12 12:46:13 | 000,005,748 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\webde-suche.xml
[2011.06.12 12:46:13 | 000,024,033 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{2664058A-0F80-4CAB-8F34-1844C59DB235}.xml
[2011.06.12 12:46:13 | 000,002,182 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{8FFD1476-8C56-4A40-AC17-62616F4405BB}.xml
[2011.06.12 12:46:13 | 000,002,071 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{C066A440-1F14-417C-8101-91EC5C0AE368}.xml
[2011.06.12 12:46:13 | 000,002,516 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{D62FAE87-B2D4-4C1D-AAAB-36D84A2EDFBD}.xml
[2011.06.12 12:46:13 | 000,001,864 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{DD65EBBB-6D84-4669-954A-904A847B810E}.xml
[2012.02.17 20:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.08 13:26:58 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2012.02.17 20:54:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 20:01:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 20:01:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 20:01:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 20:01:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 20:01:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 20:01:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.06.12 12:48:32 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Media\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup File not found
O4 - HKCU..\Run: [SkypeM] C:\Users\Media\AppData\Local\Skype\Skype.exe (Jacal Consulting)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35A9DABF-A158-481D-9D93-38138C14299D}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D0EDC8F-F796-434C-ACBD-827BB17CACE2}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{90c5fdb0-a49d-11de-bd7a-001f3c97b4ea}\Shell - "" = AutoRun
O33 - MountPoints2\{90c5fdb0-a49d-11de-bd7a-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9b6163b2-f42c-11e0-b37b-001377b1e583}\Shell - "" = AutoRun
O33 - MountPoints2\{9b6163b2-f42c-11e0-b37b-001377b1e583}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a67d3fc6-a785-11de-83a6-001377b1e583}\Shell - "" = AutoRun
O33 - MountPoints2\{a67d3fc6-a785-11de-83a6-001377b1e583}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a67d3fc9-a785-11de-83a6-001377b1e583}\Shell - "" = AutoRun
O33 - MountPoints2\{a67d3fc9-a785-11de-83a6-001377b1e583}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{dd2b13f8-a39f-11de-b137-001f3c97b4ea}\Shell - "" = AutoRun
O33 - MountPoints2\{dd2b13f8-a39f-11de-b137-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{dd2b1404-a39f-11de-b137-001f3c97b4ea}\Shell - "" = AutoRun
O33 - MountPoints2\{dd2b1404-a39f-11de-b137-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df2aa4a1-3b96-11de-8b55-001f3c97b4ea}\Shell - "" = AutoRun
O33 - MountPoints2\{df2aa4a1-3b96-11de-8b55-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{df2aa4b6-3b96-11de-8b55-001377b1e583}\Shell - "" = AutoRun
O33 - MountPoints2\{df2aa4b6-3b96-11de-8b55-001377b1e583}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4e0cc75-a424-11de-81a1-001f3c97b4ea}\Shell - "" = AutoRun
O33 - MountPoints2\{e4e0cc75-a424-11de-81a1-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f7c3c22e-a45d-11de-8aab-001f3c97b4ea}\Shell - "" = AutoRun
O33 - MountPoints2\{f7c3c22e-a45d-11de-8aab-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.15 10:46:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.15 10:15:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.15 10:15:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.12 20:20:20 | 000,699,478 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.12 20:20:20 | 000,654,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.12 20:20:20 | 000,155,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.12 20:20:20 | 000,126,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.12 17:08:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.02.27 20:06:51 | 000,067,584 | ---- | M] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.19 12:36:01 | 000,382,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.17 14:30:47 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.04 18:16:20 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.01.04 18:16:19 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.01.04 18:15:21 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.04 18:13:38 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2012.01.04 18:13:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.06.16 21:51:52 | 000,126,092 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.05.08 08:06:29 | 000,000,035 | ---- | C] () -- C:\Windows\Wmv.INI
[2010.03.20 09:39:41 | 000,000,148 | ---- | C] () -- C:\Windows\bg10_cd.ini
 
========== LOP Check ==========
 
[2010.11.15 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DVDVideoSoft
[2011.05.15 11:57:21 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.08 09:53:31 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\EIBA sc
[2011.07.25 17:03:01 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Epson
[2010.05.25 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\everpixx
[2012.01.15 17:10:56 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\ICQ
[2010.02.16 19:25:11 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\McLoad
[2009.10.19 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\OCS
[2009.10.19 18:29:45 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Opera
[2009.02.26 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\PeerNetworking
[2010.11.23 21:54:06 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Philipp Winterberg
[2010.09.13 21:32:02 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\PhotoScape
[2009.02.25 15:50:10 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\T-Online
[2009.02.25 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Template
[2009.12.22 14:06:01 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\VistaCodecs
[2012.03.12 17:08:42 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.11.29 02:34:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.05.26 14:21:32 | 000,000,000 | ---D | M] -- C:\avs contents
[2009.11.16 21:18:29 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.01.04 18:13:38 | 000,000,000 | ---D | M] -- C:\Brother
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.11.29 01:21:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.05.26 12:16:49 | 000,000,000 | ---D | M] -- C:\Intel
[2009.05.07 21:44:08 | 000,000,000 | ---D | M] -- C:\Microsoft Office
[2008.05.26 12:30:46 | 000,000,000 | ---D | M] -- C:\MyWorks
[2011.09.04 17:22:32 | 000,000,000 | ---D | M] -- C:\Netgear
[2009.10.06 21:59:11 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.03.12 20:38:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.22 20:17:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.02.06 12:28:19 | 000,000,000 | ---D | M] -- C:\ProgramDataMedia
[2008.11.29 01:21:38 | 000,000,000 | -HSD | M] -- C:\Programme
[2008.05.26 12:38:33 | 000,000,000 | ---D | M] -- C:\Samsung
[2009.06.26 10:41:35 | 000,000,000 | ---D | M] -- C:\SiLabs
[2012.03.12 20:44:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.02.26 21:12:22 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.12 20:41:05 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2009.11.24 16:49:06 | 131,342,137 | ---- | M] (                                                             ) -- C:\Program Files\MCT10_build_808.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.05.26 13:28:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2008.05.26 13:29:22 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008.05.26 13:29:22 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008.05.26 13:29:21 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2008.05.26 13:28:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2008.05.26 13:28:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.05.26 13:43:50 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2008.05.26 13:43:50 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.05.26 13:09:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.05.26 13:09:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.05.26 13:09:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.05.26 13:09:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.03.01 22:23:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.03.01 22:23:22 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.03.01 22:23:21 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.05.26 12:59:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.05.26 12:59:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.03.01 22:23:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.05.26 12:42:50 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.05.26 12:42:50 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2006.10.05 09:45:48 | 000,466,944 | ---- | M] () -- C:\Users\Media\bubbles.pps
[2012.03.15 11:31:03 | 003,407,872 | -HS- | M] () -- C:\Users\Media\NTUSER.DAT
[2012.03.15 11:31:03 | 000,262,144 | -H-- | M] () -- C:\Users\Media\ntuser.dat.LOG1
[2008.11.29 01:31:31 | 000,000,000 | -H-- | M] () -- C:\Users\Media\ntuser.dat.LOG2
[2012.03.15 10:46:01 | 000,065,536 | -HS- | M] () -- C:\Users\Media\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.07.11 16:05:48 | 000,524,288 | -HS- | M] () -- C:\Users\Media\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.03.15 10:46:01 | 000,524,288 | -HS- | M] () -- C:\Users\Media\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.11.29 01:31:31 | 000,000,020 | -HS- | M] () -- C:\Users\Media\ntuser.ini
[2010.10.28 13:17:40 | 000,064,788 | ---- | M] () -- C:\Users\Media\opa.pdf
[2010.04.12 07:24:14 | 000,000,172 | R--- | M] () -- C:\Users\Media\Router Login.url
[2011.09.04 17:21:45 | 000,006,055 | ---- | M] () -- C:\Users\Media\Router_Setup.html
[2010.01.11 13:06:23 | 000,017,692 | ---- | M] () -- C:\Users\Media\speedport.ip-prn_status_uebersicht_ass.tif
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
OTL-Extras:

Code:
ATTFilter
OTL Extras logfile created on: 15.03.2012 11:08:13 - Run 1
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Users\Media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 66,07% Memory free
4,21 Gb Paging File | 3,76 Gb Available in Paging File | 89,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 55,92 Gb Free Space | 49,98% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 58,71 Gb Free Space | 52,89% Space Free | Partition Type: NTFS
 
Computer Name: LENA | User Name: Media | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3725361268-1413183016-688153926-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0737D557-8FCB-4D9C-B3F9-4E179D31C3F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0ADC817D-6889-4E7E-91FF-DF522A6A8376}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0D8DE01B-DC02-4B3A-A5EA-FEE793D2E912}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{10620717-BA4B-48C8-BDB4-00EE7E37454C}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{180DEA49-76F1-4661-9529-9CB114E37CF6}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{2DBF1EE4-9CF6-4A19-9D27-D3515FFEF5D4}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{2E403A1F-C2E2-445A-AD7B-C6B0DC024276}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{45FCA90E-8ECD-49C5-A46E-2074A54372CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{50B82E60-4CFA-49F6-9EE4-135295609934}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{5A978A49-886A-4ECE-8DC4-46D6BAADE98D}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{660397F4-BDF0-4710-A5F7-0443AC09588F}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{6F6E6E68-A5BC-4486-8E65-3217AC906000}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{7191504F-AD68-4337-BFCF-4AA94E2266A6}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{73D3A291-7641-4365-9CDA-A21CA4C7E319}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{7BEDD542-F97F-4349-9FA8-45475F985A72}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{8412F64F-2771-4F08-A67A-C0335787D2CD}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{85D9766E-BE07-4DAA-B420-0403081B2A4B}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{8CA4BAC5-50E0-422D-B786-740F3F99BA3C}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{A1C1F1CC-97C4-4F37-8BAF-64775A9693EE}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{AC9B3A3B-5E22-43D5-905B-998FF65028C5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{B633CB4E-B990-42B3-87A8-CA76983BE125}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{C921E2F0-F7F1-498B-993C-978A2A74CCB1}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{D2B10039-EA8D-423E-8130-4658AFA0CFFA}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{D58715E6-A246-4CA2-8A38-EB0A2D199AAF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{DAE64C2D-4655-4246-96FF-D29F3676B595}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{DD2E9FF1-8FAE-4CB7-A785-4D2DF9A5B4FF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{EA23D867-9AAC-4A8B-9097-3432664B7866}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EEF0B820-020E-446F-A2AC-A57B2DB44B10}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{F21C4C51-1999-4AAB-A8D7-1A54DA8E6955}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04873BD6-F124-42F5-94B6-E6E911F94A13}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0937D969-05F1-4C3A-BE8E-4D87C71F8975}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{1A925E5E-48A9-4417-ADF6-6FD81A9F0A60}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{1C2D6479-7C54-44D4-80A6-2A7304D85AA7}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{1CB61810-86A8-4ADA-8949-A0BA7021A957}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1D48CDAD-56AD-4146-BDAB-B9B06C6369A4}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{1DEE172A-7CCC-4360-9AA4-78D46D720B81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2202733D-F855-4218-922E-8D4261475BED}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{223A3112-B439-4C61-BF37-78130ABBA206}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{22958CE3-2D33-4558-8AD6-74B741466DAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{23F36C7F-23BE-4F0E-9916-3DDB6220BAD3}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{2869BF6C-1E2B-483A-BEDC-4EFF04670D25}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{3F9B88DD-00EB-40DC-B3AF-6DD8B5B4EEB4}" = protocol=17 | dir=in | app=c:\users\media\downloads\sweetimsetup.exe | 
"{41CE2CA8-9761-4EC2-8846-07F878634323}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{4C7C9A32-DD7C-4EAA-947E-3DAFF140D7EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FD79B18-81F0-416B-8481-FA254AA9F940}" = protocol=17 | dir=in | app=c:\users\media\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{61368F4A-1485-4D9E-A437-14B94B222118}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{64A631E4-0D4A-4936-B1EC-506E1E7A32A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6610ED7E-A5DB-4A76-BA97-E63CBB76B167}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{692D1924-BA4D-447D-899F-8553B49DFCC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{808889EC-9340-4B7D-AEC5-9F9364C263BD}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{8FB354CF-A18F-49A1-B683-3E4A89B415B4}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{91A0E909-90AB-479A-BC0D-5DE4FF29BB54}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{98D11CFE-91BF-4D0C-A836-60BB5BCD2BC4}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{99EA8714-78CC-45CA-8283-2CD10311345E}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{9B1D7C94-3E79-45B4-BFE0-613121C92182}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A5738C7D-AA90-4E3C-BBB9-3EAE11209E29}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A9345776-6F19-4B83-A385-A0F437EC5BA4}" = protocol=6 | dir=in | app=c:\users\media\downloads\sweetimsetup.exe | 
"{B830EAD1-28C8-4872-94D8-3EA0E1609227}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{BB99AFD8-7698-48E9-B5A4-DFC95B600C06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BC2B8362-CCE1-4130-BADB-459DAF972BB8}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C8E64263-EAAB-4A72-8E3B-DE391DB09AA7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D94DE902-4194-475F-B07B-6B3AE29B7CD2}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{DD8CC29E-047A-4B8C-8306-2DEB2838A7F9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E0186368-1926-4A52-8C4D-F022057C4EF6}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{EAF38E8C-ACBC-4494-BDFD-DA0300809CB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F8BB1DD0-A436-4FC2-B549-D966BC7D5A80}" = protocol=6 | dir=in | app=c:\users\media\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{F8DC1F78-20A0-46DC-99F1-3F40D1F0D120}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{07CD672D-C3C3-4569-BAD7-52FD1979EDDC}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{290AB24F-9FA8-411B-BAB1-6D740F386C2E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{30FBFE45-DD4A-44EA-8142-8EF0BFCAEFFD}C:\users\media\desktop\lpc simulator\lcpsim.exe" = protocol=6 | dir=in | app=c:\users\media\desktop\lpc simulator\lcpsim.exe | 
"TCP Query User{3E754730-8FB2-4F42-A5F3-E895D622AB25}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{41510B58-94D6-4997-9514-2E5663E4031F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{45BDE7F1-7F53-44B4-AB1D-8D24F794AA00}C:\elcom\zplan21\apps\rteng9.exe" = protocol=6 | dir=in | app=c:\elcom\zplan21\apps\rteng9.exe | 
"TCP Query User{499941AF-8FEB-4106-AC5B-CEE8EFF1098A}C:\elcom\5.0\apps\rteng9.exe" = protocol=6 | dir=in | app=c:\elcom\5.0\apps\rteng9.exe | 
"TCP Query User{4AE9B865-B809-4E07-91A0-1972775EC497}C:\5.1\apps\rteng9.exe" = protocol=6 | dir=in | app=c:\5.1\apps\rteng9.exe | 
"TCP Query User{804EAF40-DD55-4697-8CD4-C48A80EA9048}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{821AA6B8-CB75-4DE3-8BA4-EBC5F6B20912}C:\elcom\5.0\apps\rteng9.exe" = protocol=6 | dir=in | app=c:\elcom\5.0\apps\rteng9.exe | 
"TCP Query User{8E0E50C8-7CB3-465B-BF0B-C536758C4DE7}C:\5.1\apps\rteng9.exe" = protocol=6 | dir=in | app=c:\5.1\apps\rteng9.exe | 
"TCP Query User{95026B42-1BC3-442F-A0D8-D56F3F89874E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{2273171A-C749-43FE-B0D9-EB76735DB335}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{22FCF778-77AF-42E7-964B-2CA95955294F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{4C224502-C728-4140-A440-BCF093C640E2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{4F394350-2F07-4C01-AD2F-AE8C823142F2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{5074BD08-9798-4A11-84E6-20346E9BF000}C:\5.1\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\5.1\apps\rteng9.exe | 
"UDP Query User{53A5C706-37FD-4589-B90A-57581B636309}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{71E66690-0294-48EE-AE1A-0113B90B08AA}C:\elcom\5.0\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\elcom\5.0\apps\rteng9.exe | 
"UDP Query User{75EAA40C-3766-4D0B-A1BA-C4283FFE7F31}C:\users\media\desktop\lpc simulator\lcpsim.exe" = protocol=17 | dir=in | app=c:\users\media\desktop\lpc simulator\lcpsim.exe | 
"UDP Query User{A91887D3-3F43-4165-ACB1-85CC9032C19C}C:\5.1\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\5.1\apps\rteng9.exe | 
"UDP Query User{C7897FFA-5287-419B-A4C0-384F3DAD3C93}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{DD219F2C-84E0-4E28-B284-741F22CD35DC}C:\elcom\zplan21\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\elcom\zplan21\apps\rteng9.exe | 
"UDP Query User{EB3E46C7-8DD5-4343-9CA2-40926461225D}C:\elcom\5.0\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\elcom\5.0\apps\rteng9.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5500
"{0501771F-0548-4A7D-898D-DB614E5D10E6}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{6554815C-24E2-4B54-AE6D-E3BB0D824043}" = INFORM
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B162D64-3A0E-48BE-AE08-CD2EB84CCE50}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista_2 (c:\SiLabs\MCU_2)
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe  1.8.15.1
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J265W
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Elcom 5.1" = Hager - Tehalit 5.1
"ElcomPdf Port Monitor" = ElcomPdf
"EPSON SX210 Series" = Druckerdeinstallation für EPSON SX210 Series
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NSS" = Norton Security Scan
"ProInst" = Intel(R) PROSet/Wireless Software
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VDE-Anwendungsprogramm" = VDE-Anwendungsprogramm 8.0.18.0
"VLC media player" = VLC media player 1.1.11
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2012 05:19:14 | Computer Name = Lena | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/15 10:19:14.061]: [00003188]: GetDeviceIpAddress:
 GetAddressByName [BRW0022587137A9] Error  
 
Error - 15.03.2012 05:19:49 | Computer Name = Lena | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/15 10:19:49.286]: [00003188]: GetDeviceIpAddress:
 GetAddressByName [BRW0022587137A9] Error  
 
Error - 15.03.2012 05:20:24 | Computer Name = Lena | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/15 10:20:24.510]: [00003188]: GetDeviceIpAddress:
 GetAddressByName [BRW0022587137A9] Error  
 
Error - 15.03.2012 05:20:59 | Computer Name = Lena | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/03/15 10:20:59.735]: [00003188]: GetDeviceIpAddress:
 GetAddressByName [BRW0022587137A9] Error  
 
Error - 15.03.2012 05:22:54 | Computer Name = Lena | Source = EventSystem | ID = 4609
Description = 
 
Error - 15.03.2012 05:47:20 | Computer Name = Lena | Source = EventSystem | ID = 4609
Description = 
 
Error - 15.03.2012 06:02:48 | Computer Name = Lena | Source = System Restore | ID = 8193
Description = 
 
Error - 15.03.2012 06:02:58 | Computer Name = Lena | Source = System Restore | ID = 8193
Description = 
 
Error - 15.03.2012 06:10:05 | Computer Name = Lena | Source = System Restore | ID = 8193
Description = 
 
Error - 15.03.2012 06:10:16 | Computer Name = Lena | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 15.03.2012 05:23:34 | Computer Name = Lena | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2012 05:23:34 | Computer Name = Lena | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2012 05:23:50 | Computer Name = Lena | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2012 05:47:09 | Computer Name = Lena | Source = DCOM | ID = 10005
Description = 
 
Error - 15.03.2012 05:47:09 | Computer Name = Lena | Source = LSM | ID = 1048
Description = 
 
Error - 15.03.2012 05:47:11 | Computer Name = Lena | Source = DCOM | ID = 10005
Description = 
 
Error - 15.03.2012 05:47:20 | Computer Name = Lena | Source = DCOM | ID = 10005
Description = 
 
Error - 15.03.2012 05:47:28 | Computer Name = Lena | Source = DCOM | ID = 10005
Description = 
 
Error - 15.03.2012 05:47:37 | Computer Name = Lena | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 15.03.2012 05:47:37 | Computer Name = Lena | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
Würde mich natürlich über schnelle Hilfe freuen, da die Gute bald auf Mittagsschicht muss. Viel interessanter fände ich aber, wie der Trojaner genau heißt. Ob es sich um ein selbstausführendes Javascript oder wasweißich handelt. Bin eben auch neugierig. Danke schon mal! =)

Alt 15.03.2012, 13:30   #2
markusg
/// Malware-holic
 
Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Standard

Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung



hi
wenn sie um euer wohl besorgt währe, gäbe es nen stück fleisch :-)
ne mal spaß bei seite, wenn sie die seite noch kennt, hätte ich die gern als private nachicht.

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [SkypeM] C:\Users\Media\AppData\Local\Skype\Skype.exe (Jacal Consulting)
 :Files
C:\Users\Media\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!




Drücke bitte die + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus
__________________

__________________

Alt 15.03.2012, 14:27   #3
junkdiesel
 
Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Standard

Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung



Danke für die schnelle Hilfe. Ich hatte SkypeM.exe sogar unter Verdacht, wollte es aber nicht manuell löschen, auch nicht in der Registry, weil keine Ahnung, ob effektiv und/oder sogar Problem verschlimmern. Oh, well.

Hier der Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
C:\Users\Media\AppData\Local\Skype\Skype.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Media
->Flash cache emptied: 3408665 bytes
 
User: Public
 
Total Flash Files Cleaned = 3,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: Media
->Temp folder emptied: 2692917220 bytes
->Java cache emptied: 32522210 bytes
->FireFox cache emptied: 58702088 bytes
->Google Chrome cache emptied: 10999903 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139992109 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.799,00 mb
 
 
OTL by OldTimer - Version 3.2.37.0 log created on 03152012_141309

Files\Folders moved on Reboot...
File\Folder C:\Users\Media\AppData\Local\Temp\2011-08-23-1174311986_04-RG.PDF  not found!
File\Folder C:\Users\Media\AppData\Local\Temp\2011-10-21-1195515741_04-RG.PDF  not found!

Registry entries deleted on Reboot...
         
Upload einwandfrei.

Off-Topic: normalerweise kriegen wir immer Fleisch, in Massen und vom Grill, weil sie selbst Fleischfresser ist. Keine Ahnung, was sie wieder vorhat. Die Vergangenheit hat aber gezeigt, dass es immer gute Dinge waren. Wenn ich ihr das Notebook später vorbeibringe, frage ich sie nochmal nach der Seite. Sie meinte, sie habe gegooglet und auf eine der angezeigten Seiten geklickt. Da die Temp- und Cache-Ordner ja nun aber leer sind, kann ich das ohne die genaue Suchanfrage nicht nachvollziehen. Vielen, vielen Dank nochmal. Ich versuche, dich auf dem Laufenden zu halten.
__________________

Alt 15.03.2012, 16:27   #4
markusg
/// Malware-holic
 
Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Standard

Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung



hi,
wir sind noch nicht ganz durch.
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.03.2012, 19:27   #5
junkdiesel
 
Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Standard

Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung



Hier der geforderte Combofix-Log:

Code:
ATTFilter
ComboFix 12-03-15.03 - Media 15.03.2012  18:40:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.822 [GMT 1:00]
ausgeführt von:: c:\users\Media\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\system32\drivers\ntfs.sys wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-15 bis 2012-03-15  ))))))))))))))))))))))))))))))
.
.
2012-03-15 17:51 . 2012-03-15 17:55	--------	d-----w-	c:\users\Media\AppData\Local\temp
2012-03-15 17:51 . 2012-03-15 17:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-15 13:13 . 2012-03-15 13:23	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-10-04 18:15	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 13:30 . 2011-10-19 19:52	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-12 19:52 . 2012-02-17 13:54	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2009-11-24 15:49 . 2009-11-03 14:36	131342137	----a-w-	c:\program files\MCT10_build_808.exe
2012-02-17 19:54 . 2011-05-15 09:38	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-11 4702208]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Ocs_SM"="c:\users\Media\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-06-12 106496]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-07-30 176128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3725361268-1413183016-688153926-1003]
"EnableNotificationsRef"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-23 c:\windows\Tasks\Norton Security Scan for Media.job
- c:\progra~1\NORTON~2\Engine\351~1.10\Nss.exe [2012-01-22 08:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mieser-kerwe.de/neu/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
AddRemove-Elcom 5.1 - c:\windows\IsUn0407.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-15 18:57
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2680)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\system32\conime.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\users\Media\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Browny02\BrYNSvc.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-15  19:07:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-15 18:07
.
Vor Suchlauf: 15 Verzeichnis(se), 60.830.703.616 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 60.645.208.064 Bytes frei
.
- - End Of File - - 7A354271980FAB0A3ED793153225B515
         


Alt 15.03.2012, 21:10   #6
markusg
/// Malware-holic
 
Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Standard

Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung



nutzt du den pc für onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
__________________
--> Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung

Alt 16.03.2012, 09:58   #7
junkdiesel
 
Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Standard

Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung



Ich nutze den PC ja schon mal gar nicht, das tut sie selbst

Sie sagt, für Einkäufe und Paypal, aber nicht für Onlinebanking oder Berufliches.

Alt 16.03.2012, 10:05   #8
markusg
/// Malware-holic
 
Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Standard

Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung



keine spitzwindigkeiten :d.

sie hat ein tdss rootkit auf dem pc.
dieses kann daten, wichtiger natur ausspähen, paypal infos zb.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neuinstallieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.03.2012, 10:27   #9
junkdiesel
 
Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Standard

Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung



So ein Ärger. Fuck.
Ich hab ihr eine SMS geschrieben, was ansteht.
Formatieren und neu aufsetzen kann ich. Muss schauen, ob sie eine Win-OS-DVD o.Ä. hat, wird sie mir wohl mitteilen.
Ich melde mich wieder, sobald es an die Systemsicherung geht. Oder wäre vorher (abgesehen von Datensicherung) noch etwas zu beachten?

Antwort

Themen zu Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung
0x00000001, antivir, autorun, avira, bho, bonjour, converter, desktop, excel, firefox, flash player, freundlich, google, home, install.exe, internet, microsoft office 2003, mp3, nvstor.sys, realtek, registry, required, rundll, scan, searchscopes, security, security update, server, software, svchost.exe, sweetim, trojaner, version=1.0, windows, workaround



Ähnliche Themen: Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung


  1. Bundespolizei "Firefox gesperrt" (Windows 7) / Trojaner ja oder nein
    Plagegeister aller Art und deren Bekämpfung - 20.11.2013 (17)
  2. GVU Trojaner mit 100€ Zahlungsaufforderung "Ihr computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt."
    Log-Analyse und Auswertung - 10.09.2012 (12)
  3. GVU Trojaner "Ihr Compuer wurde aus einem oder mehreren der unten aufgeführtenGründe gesperrt" 100€ Zahlungsaufforderung
    Log-Analyse und Auswertung - 07.09.2012 (8)
  4. (2x) GVU Trojaner mit 100€ Zahlungsaufforderung "Ihr computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt."
    Mülltonne - 01.09.2012 (1)
  5. GVU Trojaner mit 100€ Zahlungsaufforderung "Ihr computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt."
    Log-Analyse und Auswertung - 20.08.2012 (13)
  6. Windows 7 64 Bit "GVU"" Ihr Computer wurde gesperrt."
    Log-Analyse und Auswertung - 30.07.2012 (27)
  7. "McAfee"-Windows durch Trojaner gesperrt
    Log-Analyse und Auswertung - 29.03.2012 (1)
  8. Trojaner-Befall: "Achtung - Ihr Windows wurde aus Sicherheitsgründen gesperrt.."
    Log-Analyse und Auswertung - 26.03.2012 (9)
  9. Windows Sicherheitswarnung, Zahlungsaufforderung, blackscreen
    Log-Analyse und Auswertung - 22.03.2012 (25)
  10. Trojaner, "Achtung Ihr Windows wurde aus Sicherheitsgründen gesperrt"
    Log-Analyse und Auswertung - 14.03.2012 (5)
  11. Blackscreen und Meldung "Ihr Windowssystem wurde aus Sicherheitsgründen gesperrt. Bezahlen & Her..."
    Plagegeister aller Art und deren Bekämpfung - 07.03.2012 (6)
  12. Fehlermeldung "Windows wurde gesperrt. runterladen und bezahlen" - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 24.02.2012 (17)
  13. Blackscreen, "angebliche Windows Sicherheitswarnung" maleware?
    Log-Analyse und Auswertung - 05.02.2012 (1)
  14. trojaner eingefangen: "aus Sicherheitsgründen wurde ihr Windows gesperrt"
    Log-Analyse und Auswertung - 25.01.2012 (15)
  15. Virus/Trojaner "Achtung! Windows wurde aus Sicherheitsgründen gesperrt"
    Log-Analyse und Auswertung - 29.12.2011 (13)
  16. Windows "aus Sicherheitsgründen" blockiert, Zahlungsaufforderung
    Mülltonne - 20.12.2011 (1)
  17. Computer gesperrt, Schadenssoftware Zahlungsaufforderung vom "Staat"
    Log-Analyse und Auswertung - 21.11.2011 (15)

Zum Thema Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung - Guten Tag, Forum. Ich sitze hier gerade am befallenen Laptop einer Freundin. Sie wurde ebenfalls Opfer dieses Trojaners, der offensichtlich gerade umgeht. Er tritt nur auf, wenn eine Verbindung zum - Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung...
Archiv
Du betrachtest: Trojaner: Blackscreen, Windows "gesperrt", Zahlungsaufforderung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.