Log analysis and evaluation: Trojan: black screen, Windows "locked", payment demand
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojan: black screen, Windows "locked", payment demand

Good day, forum. I am currently sitting at a friend's infected laptop. She has also fallen victim to this trojan, which is evidently going around at the moment. It only appears when there is a connection to the Internet. After a while a black screen with red text appears, which points out, in a friendly but firm manner, that one should please pay in order to unlock Windows again.

She cannot tell me exactly how she caught it. According to her, when the trojan first appeared she was visiting some site about a soup (sic!). She is simply a good girl and concerned about our physical well-being. She also did not engage in illegal streaming on this notebook. As I said, a soup site. There was probably a hair in it.

Since I have not found a manual workaround and am no specialist in trojans, I am turning to you. The system is Windows Vista. Attached are the log files from OTL:

Code:
OTL logfile created on: 15.03.2012 11:34:33 - Run 2
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\Media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,46% Memory free
4,22 Gb Paging File | 3,87 Gb Available in Paging File | 91,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 55,91 Gb Free Space | 49,97% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 58,71 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Computer Name: LENA | User Name: Media | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.15 10:57:36 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Media\Downloads\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.12 12:46:06 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Media\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) 
[On_Demand | Stopped] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.06.28 10:54:42 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2006.10.26 06:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.02.17 14:30:47 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- 
(avkmgr) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.12 07:24:12 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5) DRV - [2009.11.28 20:33:03 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt) DRV - [2008.09.30 03:40:24 | 000,050,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2008.02.25 09:59:12 | 000,101,504 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.10.31 17:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.10.17 07:48:46 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2007.06.06 07:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock) DRV - [2006.11.14 01:11:54 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) 
[Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2006.11.02 09:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32) DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 08:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R) DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2002.09.19 21:07:50 | 000,034,683 | ---- | M] (EIBA s.c.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Pei16Wdm.sys -- (Pei16Wdm) DRV - [2002.08.15 09:20:04 | 000,035,547 | ---- | M] (EIBA s.c.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Pei10Wdm.sys -- (Pei10Wdm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.gmx.net/home [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{0F7848E4-A58F-4560-A967-30A39B5AEE73}: "URL" = hxxp://go.web.de.anonymize-me.de/?anonymto=687474703A2F2F676F2E7765622E64652F73756368626F782F736D61727473686F7070696E672F3F736561726368546578743D7B7365617263685465726D737D266D633D736561726368706C7567696E407375636865406D7369652E7375636865407072656973766572676C65696368&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{16930AA1-A2FB-409A-A8AC-E82EF31245D8}: 
"URL" = hxxp://suche.gmx.net.anonymize-me.de/?anonymto=687474703A2F2F73756368652E676D782E6E65742F7365617263682F7765622F3F73753D7B7365617263685465726D737D266D633D736561726368706C7567696E407375636865406D7369652E737563686540776562266F726967696E3D736561726368706C7567696E&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{2B66E389-188A-4BA2-A7AD-8C2E7C8BFD95}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1 IE - HKCU\..\SearchScopes\{3277EDF5-32BF-4DB0-8E20-13973343AC48}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1 IE - HKCU\..\SearchScopes\{382442B4-5F66-443C-AEAB-A8A196BD03F4}: "URL" = hxxp://search.1und1.de.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E31756E64312E64652F7365617263682F7765622F3F73753D7B7365617263685465726D737D266D633D736561726368706C7567696E407375636865406D7369652E737563686540776562266F726967696E3D736561726368706C7567696E&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{3E3753DF-9236-4B39-BE54-5178DA4C4F05}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{71E91FCD-1183-4319-A931-BC4C8B4080AC}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1 IE - 
HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{C08EEB79-375C-4D2C-BD3E-CDE9F85720DC}: "URL" = hxxp://suche.web.de.anonymize-me.de/?anonymto=687474703A2F2F73756368652E7765622E64652F7365617263682F7765622F3F73753D7B7365617263685465726D737D266D633D736561726368706C7567696E407375636865406D7369652E737563686540776562266F726967696E3D736561726368706C7567696E&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{C92BF729-1CF1-40C4-BA59-4746E3ADD2B9}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1 IE - HKCU\..\SearchScopes\{EB998A27-7B24-47D2-88F0-8B974D7BA75A}: "URL" = hxxp://go.gmx.net.anonymize-me.de/?anonymto=687474703A2F2F676F2E676D782E6E65742F73756368626F782F616D617A6F6E2F3F6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{F6A790E4-19F0-4108-8B02-7DE8B41C6F58}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=10b01a28-71c6-4ebd-a4d2-0f6a53eedf70&pid=icqt&mode=bounce&k=1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "GMX Suche" FF - prefs.js..browser.search.order.2: "WEB.DE Suche" FF - prefs.js..browser.search.order.3: "1und1 Suche" FF - prefs.js..browser.search.order.4: "amazon.de" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: 
"hxxp://www.mieser-kerwe.de/neu/" FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.google.de/search?q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.mieser-kerwe.de/neu/" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.21 17:24:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 20:54:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.16 21:35:20 | 000,000,000 | ---D | M] [2009.02.25 19:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Extensions [2011.07.25 17:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\mesxwzfk.default\extensions [2010.04.27 19:55:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\mesxwzfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.08 13:27:21 | 000,000,000 | ---D | M] (Update Notifier) -- 
C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\mesxwzfk.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2010.04.27 17:38:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Media\AppData\Roaming\mozilla\Firefox\Profiles\mesxwzfk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.12 12:46:13 | 000,005,757 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\1und1-suche.xml [2011.06.12 12:46:13 | 000,001,558 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\amazonde.xml [2009.10.19 18:29:44 | 000,002,515 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\askcom.xml [2011.06.12 12:46:13 | 000,010,769 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\gmx-suche.xml [2011.06.12 12:46:13 | 000,001,097 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\icqplugin-1.xml [2011.06.12 12:46:13 | 000,001,114 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\icqplugin.xml [2011.06.12 13:16:10 | 000,001,266 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\kikin-search.xml [2011.06.12 12:46:13 | 000,004,220 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\sweetim.xml [2011.06.12 12:46:13 | 000,005,748 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\webde-suche.xml [2011.06.12 12:46:13 | 000,024,033 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{2664058A-0F80-4CAB-8F34-1844C59DB235}.xml [2011.06.12 12:46:13 | 000,002,182 | ---- | M] () -- 
C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{8FFD1476-8C56-4A40-AC17-62616F4405BB}.xml [2011.06.12 12:46:13 | 000,002,071 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{C066A440-1F14-417C-8101-91EC5C0AE368}.xml [2011.06.12 12:46:13 | 000,002,516 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{D62FAE87-B2D4-4C1D-AAAB-36D84A2EDFBD}.xml [2011.06.12 12:46:13 | 000,001,864 | ---- | M] () -- C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\mesxwzfk.default\searchplugins\{DD65EBBB-6D84-4669-954A-904A847B810E}.xml [2012.02.17 20:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.02.08 13:26:58 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66} [2012.02.17 20:54:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.10.04 20:01:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.04 20:01:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.04 20:01:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.04 20:01:47 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.04 20:01:47 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.04 20:01:47 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program 
Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program 
Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: YouTube = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google-Suche = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011.06.12 12:48:32 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Ocs_SM] C:\Users\Media\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup File not found O4 - HKCU..\Run: [SkypeM] C:\Users\Media\AppData\Local\Skype\Skype.exe (Jacal Consulting) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35A9DABF-A158-481D-9D93-38138C14299D}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D0EDC8F-F796-434C-ACBD-827BB17CACE2}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img6.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img6.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{90c5fdb0-a49d-11de-bd7a-001f3c97b4ea}\Shell - "" = AutoRun O33 - MountPoints2\{90c5fdb0-a49d-11de-bd7a-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9b6163b2-f42c-11e0-b37b-001377b1e583}\Shell - "" = AutoRun O33 - MountPoints2\{9b6163b2-f42c-11e0-b37b-001377b1e583}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{a67d3fc6-a785-11de-83a6-001377b1e583}\Shell - "" = AutoRun O33 - MountPoints2\{a67d3fc6-a785-11de-83a6-001377b1e583}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a67d3fc9-a785-11de-83a6-001377b1e583}\Shell - "" = AutoRun O33 - MountPoints2\{a67d3fc9-a785-11de-83a6-001377b1e583}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{dd2b13f8-a39f-11de-b137-001f3c97b4ea}\Shell - "" = AutoRun O33 - MountPoints2\{dd2b13f8-a39f-11de-b137-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{dd2b1404-a39f-11de-b137-001f3c97b4ea}\Shell - "" = AutoRun O33 - MountPoints2\{dd2b1404-a39f-11de-b137-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{df2aa4a1-3b96-11de-8b55-001f3c97b4ea}\Shell - "" = AutoRun O33 - MountPoints2\{df2aa4a1-3b96-11de-8b55-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{df2aa4b6-3b96-11de-8b55-001377b1e583}\Shell - "" = AutoRun O33 - 
MountPoints2\{df2aa4b6-3b96-11de-8b55-001377b1e583}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e4e0cc75-a424-11de-81a1-001f3c97b4ea}\Shell - "" = AutoRun O33 - MountPoints2\{e4e0cc75-a424-11de-81a1-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f7c3c22e-a45d-11de-8aab-001f3c97b4ea}\Shell - "" = AutoRun O33 - MountPoints2\{f7c3c22e-a45d-11de-8aab-001f3c97b4ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - 
C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== ========== Files - Modified Within 30 Days ========== [2012.03.15 10:46:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.15 10:15:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.15 10:15:08 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.12 20:20:20 | 000,699,478 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.12 20:20:20 | 000,654,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.12 20:20:20 | 000,155,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.12 20:20:20 | 000,126,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.12 17:08:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.02.27 20:06:51 | 000,067,584 | ---- | M] () -- C:\Users\Media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.19 12:36:01 | 000,382,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.17 14:30:47 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys ========== Files Created - No Company Name ========== [2012.01.04 18:16:20 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.01.04 18:16:19 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.01.04 18:15:21 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.01.04 18:13:38 | 
000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT [2012.01.04 18:13:23 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2011.06.16 21:51:52 | 000,126,092 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.05.08 08:06:29 | 000,000,035 | ---- | C] () -- C:\Windows\Wmv.INI [2010.03.20 09:39:41 | 000,000,148 | ---- | C] () -- C:\Windows\bg10_cd.ini ========== LOP Check ========== [2010.11.15 20:43:24 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DVDVideoSoft [2011.05.15 11:57:21 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\DVDVideoSoftIEHelpers [2009.05.08 09:53:31 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\EIBA sc [2011.07.25 17:03:01 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Epson [2010.05.25 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\everpixx [2012.01.15 17:10:56 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\ICQ [2010.02.16 19:25:11 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\McLoad [2009.10.19 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\OCS [2009.10.19 18:29:45 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Opera [2009.02.26 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\PeerNetworking [2010.11.23 21:54:06 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Philipp Winterberg [2010.09.13 21:32:02 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\PhotoScape [2009.02.25 15:50:10 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\T-Online [2009.02.25 15:29:11 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\Template [2009.12.22 14:06:01 | 000,000,000 | ---D | M] -- C:\Users\Media\AppData\Roaming\VistaCodecs [2012.03.12 17:08:42 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2008.11.29 02:34:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2008.05.26 14:21:32 | 000,000,000 | ---D | M] -- C:\avs contents [2009.11.16 21:18:29 | 000,000,000 | -HSD | M] -- C:\Boot [2012.01.04 18:13:38 | 000,000,000 | ---D | M] -- C:\Brother [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.11.29 01:21:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.05.26 12:16:49 | 000,000,000 | ---D | M] -- C:\Intel [2009.05.07 21:44:08 | 000,000,000 | ---D | M] -- C:\Microsoft Office [2008.05.26 12:30:46 | 000,000,000 | ---D | M] -- C:\MyWorks [2011.09.04 17:22:32 | 000,000,000 | ---D | M] -- C:\Netgear [2009.10.06 21:59:11 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.12 20:38:52 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.22 20:17:08 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.02.06 12:28:19 | 000,000,000 | ---D | M] -- C:\ProgramDataMedia [2008.11.29 01:21:38 | 000,000,000 | -HSD | M] -- C:\Programme [2008.05.26 12:38:33 | 000,000,000 | ---D | M] -- C:\Samsung [2009.06.26 10:41:35 | 000,000,000 | ---D | M] -- C:\SiLabs [2012.03.12 20:44:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.02.26 21:12:22 | 000,000,000 | R--D | M] -- C:\Users [2012.03.12 20:41:05 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2009.11.24 16:49:06 | 131,342,137 | ---- | M] ( ) -- C:\Program Files\MCT10_build_808.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.05.26 13:28:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2008.05.26 13:29:22 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2008.05.26 13:29:22 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2008.05.26 13:29:21 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2008.05.26 13:28:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2008.05.26 13:28:10 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- 
C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.05.26 13:43:50 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2008.05.26 13:43:50 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.05.26 
13:09:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.05.26 13:09:28 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.05.26 13:09:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.05.26 13:09:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.03.01 22:23:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009.03.01 22:23:22 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009.03.01 22:23:21 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.05.26 12:59:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.05.26 12:59:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.03.01 22:23:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] 
(Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.05.26 12:42:50 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.05.26 12:42:50 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- 
C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2006.10.05 09:45:48 | 000,466,944 | ---- | M] () -- C:\Users\Media\bubbles.pps [2012.03.15 11:31:03 | 003,407,872 | -HS- | M] () -- C:\Users\Media\NTUSER.DAT [2012.03.15 11:31:03 | 000,262,144 | -H-- | M] () -- C:\Users\Media\ntuser.dat.LOG1 [2008.11.29 01:31:31 | 000,000,000 | -H-- | M] () -- C:\Users\Media\ntuser.dat.LOG2 [2012.03.15 10:46:01 | 000,065,536 | -HS- | M] () -- C:\Users\Media\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2011.07.11 16:05:48 | 000,524,288 | -HS- | M] () -- C:\Users\Media\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.03.15 10:46:01 | 000,524,288 | -HS- | M] () -- C:\Users\Media\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.11.29 01:31:31 | 000,000,020 | -HS- | M] () -- C:\Users\Media\ntuser.ini [2010.10.28 13:17:40 | 000,064,788 | ---- | M] () -- C:\Users\Media\opa.pdf [2010.04.12 07:24:14 | 000,000,172 | R--- | M] () -- C:\Users\Media\Router Login.url [2011.09.04 17:21:45 | 000,006,055 | ---- | M] () -- 
C:\Users\Media\Router_Setup.html
[2010.01.11 13:06:23 | 000,017,692 | ---- | M] () -- C:\Users\Media\speedport.ip-prn_status_uebersicht_ass.tif
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< End of report >

Code:
OTL Extras logfile created on: 15.03.2012 11:08:13 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\Media\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 66,07% Memory free
4,21 Gb Paging File | 3,76 Gb Available in Paging File | 89,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 55,92 Gb Free Space | 49,98% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 58,71 Gb Free Space | 52,89% Space Free | Partition Type: NTFS
Computer Name: LENA | User Name: Media | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3725361268-1413183016-688153926-1003] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0737D557-8FCB-4D9C-B3F9-4E179D31C3F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0ADC817D-6889-4E7E-91FF-DF522A6A8376}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{0D8DE01B-DC02-4B3A-A5EA-FEE793D2E912}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{10620717-BA4B-48C8-BDB4-00EE7E37454C}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{180DEA49-76F1-4661-9529-9CB114E37CF6}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{2DBF1EE4-9CF6-4A19-9D27-D3515FFEF5D4}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{2E403A1F-C2E2-445A-AD7B-C6B0DC024276}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{45FCA90E-8ECD-49C5-A46E-2074A54372CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{50B82E60-4CFA-49F6-9EE4-135295609934}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | "{5A978A49-886A-4ECE-8DC4-46D6BAADE98D}" = rport=5357 | protocol=6 | dir=out | app=system | "{660397F4-BDF0-4710-A5F7-0443AC09588F}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{6F6E6E68-A5BC-4486-8E65-3217AC906000}" = lport=3702 | protocol=17 | dir=in 
| app=%systemroot%\system32\netproj.exe | "{7191504F-AD68-4337-BFCF-4AA94E2266A6}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{73D3A291-7641-4365-9CDA-A21CA4C7E319}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{7BEDD542-F97F-4349-9FA8-45475F985A72}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | "{8412F64F-2771-4F08-A67A-C0335787D2CD}" = rport=5358 | protocol=6 | dir=out | app=system | "{85D9766E-BE07-4DAA-B420-0403081B2A4B}" = lport=5358 | protocol=6 | dir=in | app=system | "{8CA4BAC5-50E0-422D-B786-740F3F99BA3C}" = lport=5357 | protocol=6 | dir=in | app=system | "{A1C1F1CC-97C4-4F37-8BAF-64775A9693EE}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{AC9B3A3B-5E22-43D5-905B-998FF65028C5}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{B633CB4E-B990-42B3-87A8-CA76983BE125}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | "{C921E2F0-F7F1-498B-993C-978A2A74CCB1}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{D2B10039-EA8D-423E-8130-4658AFA0CFFA}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{D58715E6-A246-4CA2-8A38-EB0A2D199AAF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | "{DAE64C2D-4655-4246-96FF-D29F3676B595}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | "{DD2E9FF1-8FAE-4CB7-A785-4D2DF9A5B4FF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | "{EA23D867-9AAC-4A8B-9097-3432664B7866}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EEF0B820-020E-446F-A2AC-A57B2DB44B10}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | "{F21C4C51-1999-4AAB-A8D7-1A54DA8E6955}" = 
lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04873BD6-F124-42F5-94B6-E6E911F94A13}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0937D969-05F1-4C3A-BE8E-4D87C71F8975}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{1A925E5E-48A9-4417-ADF6-6FD81A9F0A60}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{1C2D6479-7C54-44D4-80A6-2A7304D85AA7}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{1CB61810-86A8-4ADA-8949-A0BA7021A957}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1D48CDAD-56AD-4146-BDAB-B9B06C6369A4}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | "{1DEE172A-7CCC-4360-9AA4-78D46D720B81}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2202733D-F855-4218-922E-8D4261475BED}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{223A3112-B439-4C61-BF37-78130ABBA206}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{22958CE3-2D33-4558-8AD6-74B741466DAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{23F36C7F-23BE-4F0E-9916-3DDB6220BAD3}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | "{2869BF6C-1E2B-483A-BEDC-4EFF04670D25}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{3F9B88DD-00EB-40DC-B3AF-6DD8B5B4EEB4}" = protocol=17 | dir=in | app=c:\users\media\downloads\sweetimsetup.exe | "{41CE2CA8-9761-4EC2-8846-07F878634323}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{4C7C9A32-DD7C-4EAA-947E-3DAFF140D7EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5FD79B18-81F0-416B-8481-FA254AA9F940}" = protocol=17 | dir=in | app=c:\users\media\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | 
"{61368F4A-1485-4D9E-A437-14B94B222118}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{64A631E4-0D4A-4936-B1EC-506E1E7A32A7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6610ED7E-A5DB-4A76-BA97-E63CBB76B167}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{692D1924-BA4D-447D-899F-8553B49DFCC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{808889EC-9340-4B7D-AEC5-9F9364C263BD}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{8FB354CF-A18F-49A1-B683-3E4A89B415B4}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{91A0E909-90AB-479A-BC0D-5DE4FF29BB54}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{98D11CFE-91BF-4D0C-A836-60BB5BCD2BC4}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{99EA8714-78CC-45CA-8283-2CD10311345E}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{9B1D7C94-3E79-45B4-BFE0-613121C92182}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A5738C7D-AA90-4E3C-BBB9-3EAE11209E29}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{A9345776-6F19-4B83-A385-A0F437EC5BA4}" = protocol=6 | dir=in | app=c:\users\media\downloads\sweetimsetup.exe | "{B830EAD1-28C8-4872-94D8-3EA0E1609227}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | "{BB99AFD8-7698-48E9-B5A4-DFC95B600C06}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BC2B8362-CCE1-4130-BADB-459DAF972BB8}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | "{C8E64263-EAAB-4A72-8E3B-DE391DB09AA7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D94DE902-4194-475F-B07B-6B3AE29B7CD2}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | "{DD8CC29E-047A-4B8C-8306-2DEB2838A7F9}" = protocol=17 | dir=in | 
app=c:\program files\icq7.5\icq.exe | "{E0186368-1926-4A52-8C4D-F022057C4EF6}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | "{EAF38E8C-ACBC-4494-BDFD-DA0300809CB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F8BB1DD0-A436-4FC2-B549-D966BC7D5A80}" = protocol=6 | dir=in | app=c:\users\media\appdata\local\temp\sweetimreinstall\sweetimsetup.exe | "{F8DC1F78-20A0-46DC-99F1-3F40D1F0D120}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{07CD672D-C3C3-4569-BAD7-52FD1979EDDC}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{290AB24F-9FA8-411B-BAB1-6D740F386C2E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "TCP Query User{30FBFE45-DD4A-44EA-8142-8EF0BFCAEFFD}C:\users\media\desktop\lpc simulator\lcpsim.exe" = protocol=6 | dir=in | app=c:\users\media\desktop\lpc simulator\lcpsim.exe | "TCP Query User{3E754730-8FB2-4F42-A5F3-E895D622AB25}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{41510B58-94D6-4997-9514-2E5663E4031F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{45BDE7F1-7F53-44B4-AB1D-8D24F794AA00}C:\elcom\zplan21\apps\rteng9.exe" = protocol=6 | dir=in | app=c:\elcom\zplan21\apps\rteng9.exe | "TCP Query User{499941AF-8FEB-4106-AC5B-CEE8EFF1098A}C:\elcom\5.0\apps\rteng9.exe" = protocol=6 | dir=in | app=c:\elcom\5.0\apps\rteng9.exe | "TCP Query User{4AE9B865-B809-4E07-91A0-1972775EC497}C:\5.1\apps\rteng9.exe" = protocol=6 | dir=in | app=c:\5.1\apps\rteng9.exe | "TCP Query User{804EAF40-DD55-4697-8CD4-C48A80EA9048}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "TCP Query User{821AA6B8-CB75-4DE3-8BA4-EBC5F6B20912}C:\elcom\5.0\apps\rteng9.exe" = protocol=6 | dir=in | 
app=c:\elcom\5.0\apps\rteng9.exe | "TCP Query User{8E0E50C8-7CB3-465B-BF0B-C536758C4DE7}C:\5.1\apps\rteng9.exe" = protocol=6 | dir=in | app=c:\5.1\apps\rteng9.exe | "TCP Query User{95026B42-1BC3-442F-A0D8-D56F3F89874E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{2273171A-C749-43FE-B0D9-EB76735DB335}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "UDP Query User{22FCF778-77AF-42E7-964B-2CA95955294F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{4C224502-C728-4140-A440-BCF093C640E2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{4F394350-2F07-4C01-AD2F-AE8C823142F2}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | "UDP Query User{5074BD08-9798-4A11-84E6-20346E9BF000}C:\5.1\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\5.1\apps\rteng9.exe | "UDP Query User{53A5C706-37FD-4589-B90A-57581B636309}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "UDP Query User{71E66690-0294-48EE-AE1A-0113B90B08AA}C:\elcom\5.0\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\elcom\5.0\apps\rteng9.exe | "UDP Query User{75EAA40C-3766-4D0B-A1BA-C4283FFE7F31}C:\users\media\desktop\lpc simulator\lcpsim.exe" = protocol=17 | dir=in | app=c:\users\media\desktop\lpc simulator\lcpsim.exe | "UDP Query User{A91887D3-3F43-4165-ACB1-85CC9032C19C}C:\5.1\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\5.1\apps\rteng9.exe | "UDP Query User{C7897FFA-5287-419B-A4C0-384F3DAD3C93}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query 
User{DD219F2C-84E0-4E28-B284-741F22CD35DC}C:\elcom\zplan21\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\elcom\zplan21\apps\rteng9.exe | "UDP Query User{EB3E46C7-8DD5-4343-9CA2-40926461225D}C:\elcom\5.0\apps\rteng9.exe" = protocol=17 | dir=in | app=c:\elcom\5.0\apps\rteng9.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5500 "{0501771F-0548-4A7D-898D-DB614E5D10E6}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5242 Banner Remover 1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung 
Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials "{6554815C-24E2-4B54-AE6D-E3BB0D824043}" = INFORM "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B162D64-3A0E-48BE-AE08-CD2EB84CCE50}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista_2 (c:\SiLabs\MCU_2) "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components 
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language 
Pack "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite MFC-J265W "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "Elcom 5.1" = Hager - Tehalit 5.1 "ElcomPdf Port Monitor" = ElcomPdf "EPSON SX210 Series" = Druckerdeinstallation für EPSON SX210 Series "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8 "Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4 "Free RAR Extract Frog" = Free RAR Extract Frog "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.37.426 "HDMI" = Intel(R) Graphics Media Accelerator Driver "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mobile Partner" = Mobile Partner "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "NSS" = Norton Security Scan "ProInst" = Intel(R) PROSet/Wireless Software "SearchAnonymizer" = 
SearchAnonymizer "SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VDE-Anwendungsprogramm" = VDE-Anwendungsprogramm 8.0.18.0 "VLC media player" = VLC media player 1.1.11 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.03.2012 05:19:14 | Computer Name = Lena | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/03/15 10:19:14.061]: [00003188]: GetDeviceIpAddress: GetAddressByName [BRW0022587137A9] Error Error - 15.03.2012 05:19:49 | Computer Name = Lena | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/03/15 10:19:49.286]: [00003188]: GetDeviceIpAddress: GetAddressByName [BRW0022587137A9] Error Error - 15.03.2012 05:20:24 | Computer Name = Lena | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/03/15 10:20:24.510]: [00003188]: GetDeviceIpAddress: GetAddressByName [BRW0022587137A9] Error Error - 15.03.2012 05:20:59 | Computer Name = Lena | Source = Brother BrLog | ID = 1001 Description = STI BrtSTI: [2012/03/15 10:20:59.735]: [00003188]: GetDeviceIpAddress: GetAddressByName [BRW0022587137A9] Error Error - 15.03.2012 05:22:54 | Computer Name = Lena | Source = EventSystem | ID = 4609 Description = Error - 15.03.2012 05:47:20 | Computer Name = Lena | Source = EventSystem | ID = 4609 Description = Error - 15.03.2012 06:02:48 | Computer Name = Lena | Source = System Restore | ID = 8193 Description = Error - 15.03.2012 06:02:58 | Computer Name = Lena | Source = System Restore | ID = 8193 Description = Error - 15.03.2012 06:10:05 | Computer Name = Lena | Source = System Restore | ID = 8193 Description = Error - 15.03.2012 06:10:16 | Computer Name = Lena | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 15.03.2012 05:23:34 | Computer Name = Lena | Source = Service Control Manager | ID = 7001 Description = Error - 15.03.2012 05:23:34 | Computer Name = Lena | Source = Service Control Manager | ID = 7001 Description = Error - 
15.03.2012 05:23:50 | Computer Name = Lena | Source = Service Control Manager | ID = 7001 Description = Error - 15.03.2012 05:47:09 | Computer Name = Lena | Source = DCOM | ID = 10005 Description = Error - 15.03.2012 05:47:09 | Computer Name = Lena | Source = LSM | ID = 1048 Description = Error - 15.03.2012 05:47:11 | Computer Name = Lena | Source = DCOM | ID = 10005 Description = Error - 15.03.2012 05:47:20 | Computer Name = Lena | Source = DCOM | ID = 10005 Description = Error - 15.03.2012 05:47:28 | Computer Name = Lena | Source = DCOM | ID = 10005 Description = Error - 15.03.2012 05:47:37 | Computer Name = Lena | Source = Service Control Manager | ID = 7001 Description = Error - 15.03.2012 05:47:37 | Computer Name = Lena | Source = Service Control Manager | ID = 7026 Description = < End of report > |