
Log analysis and evaluation: USB stick now shows only shortcuts


 
02.11.2011, 18:28   #1
DennisS
 



Hello, my problem is as follows:
I plugged in an acquaintance's USB stick to copy MP3 files onto it. That still worked normally. However, when my acquaintance plugged the stick into his computer, it showed only shortcuts with a file size of 2 KB. I had the same problem when I plugged my own stick into my computer. I then formatted the stick and afterwards loaded it with MP3 files again. However, that did not fix the problem. Next, I tried to check my computer for malware with the program "Malwarebytes". The scan with that program did find identified files, which I promptly removed. Here is the log of the scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8061

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

01.11.2011 17:20:54
mbam-log-2011-11-01 (17-20-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165649
Laufzeit: 8 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
c:\Users\***\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> 3520 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Trojan.Agent) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\***\AppData\Local\Temp\0915287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\1875541.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\2444670.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\2544663.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\7168182.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\7988757.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\8375011.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\9566287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\4056756.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\4069043.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\6208099.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Since the problem still persists, I decided to ask this forum for help.
Is my computer still infected, and can I still use the USB sticks at all, or should I get new ones?

OTL logfile created on: 02.11.2011 16:44:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dennis Schmid\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,86% Memory free
4,23 Gb Paging File | 3,17 Gb Available in Paging File | 75,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 65,45 Gb Free Space | 44,19% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 72,98 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive E: | 485,25 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DENNISSCHMID-PC | User Name: Dennis Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.02 16:40:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis Schmid\Downloads\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.10.29 14:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.07.10 17:29:16 | 000,557,056 | ---- | M] (C&E) -- C:\Programme\C&E\OSD\osd.exe
PRC - [2007.05.03 23:00:00 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.05.03 23:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.22 17:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ita.dll
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56esp.dll
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56brz.dll
MOD - [2006.11.22 17:31:30 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56kor.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ger.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56fra.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56dnk.dll
MOD - [2006.11.22 17:31:28 | 000,057,344 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56jpn.dll
MOD - [2006.11.22 17:31:28 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56cht.dll
MOD - [2006.11.22 17:31:28 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56chs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.03 23:00:00 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)


========== Driver Services (SafeList) ==========

DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.11 20:05:54 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.09.01 07:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.03 23:00:00 | 000,208,896 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2007.04.30 12:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.19 15:15:26 | 000,788,400 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007.04.04 04:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.02.25 05:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.01.30 08:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2006.11.22 17:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.18 12:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2004.11.01 09:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=home"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Dennis Schmid\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.29 14:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.29 14:51:50 | 000,000,000 | ---D | M]

[2008.11.01 13:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Extensions
[2011.11.02 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions
[2010.06.25 11:41:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.21 18:16:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.01 12:47:39 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.21 15:27:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.01 12:47:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com
[2011.06.30 18:53:50 | 000,000,873 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\conduit.xml
[2011.10.31 21:51:10 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-1.xml
[2010.06.28 17:57:49 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-2.xml
[2010.07.22 16:28:32 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-3.xml
[2010.07.25 12:32:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-4.xml
[2010.09.08 16:36:12 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-5.xml
[2010.09.17 13:27:23 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-6.xml
[2010.10.04 15:31:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-7.xml
[2010.10.29 12:17:40 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-8.xml
[2010.06.22 14:48:00 | 000,000,947 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin.xml
[2011.02.26 09:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.03 16:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 15:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.26 09:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008.12.09 13:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.06.08 19:10:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.12.08 17:25:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.06 16:47:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.11.03 16:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 15:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.26 09:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.08.19 13:16:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.19 13:16:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.19 13:16:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.19 13:16:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.19 13:16:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [recinfo450] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A52F4E-5D1C-4313-BE1F-83AF8DE3C015}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F311ACA8-8973-4405-8378-AB7C9A0BC48E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\Shell - "" = AutoRun
O33 - MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.01 17:09:26 | 000,000,000 | ---D | C] -- C:\Users\Dennis Schmid\AppData\Roaming\Malwarebytes
[2011.11.01 17:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.01 17:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.01 17:09:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.01 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.31 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis Schmid\AppData\Local\Proxure
[2011.10.31 18:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2011.10.31 09:41:12 | 000,000,000 | RHSD | C] -- C:\Users\Dennis Schmid\M-1-52-5782-8752-5245
[2011.10.22 07:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.21 14:22:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis Schmid\AppData\Roaming\Avira
[2011.10.21 14:21:00 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.21 14:21:00 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.21 14:21:00 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.21 14:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.21 14:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.14 23:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011.10.14 23:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape

========== Files - Modified Within 30 Days ==========

[2011.11.02 16:36:09 | 000,000,000 | ---- | M] () -- C:\Users\Dennis Schmid\defogger_reenable
[2011.11.02 16:11:10 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.02 16:11:10 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.02 16:11:10 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.02 16:11:10 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.02 16:05:20 | 000,519,890 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.02 16:05:12 | 000,519,890 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.02 16:05:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 16:05:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 16:04:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.02 16:04:54 | 2145,820,672 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.01 19:08:59 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.01 17:09:18 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.27 21:08:17 | 000,112,682 | ---- | M] () -- C:\Users\Dennis Schmid\Desktop\01_suicide_geisha_bg.jpg
[2011.10.27 18:22:07 | 000,011,264 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.15 13:29:09 | 000,296,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.15 00:29:29 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2011.11.02 16:36:09 | 000,000,000 | ---- | C] () -- C:\Users\Dennis Schmid\defogger_reenable
[2011.11.01 17:09:18 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.27 21:08:13 | 000,112,682 | ---- | C] () -- C:\Users\Dennis Schmid\Desktop\01_suicide_geisha_bg.jpg
[2011.10.15 00:29:29 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.01.04 16:43:35 | 000,000,680 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Local\d3d9caps.dat
[2010.12.15 16:24:11 | 000,519,890 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.12.15 16:24:11 | 000,519,890 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.03 11:14:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.03 10:30:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.03 10:30:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.21 17:19:06 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.01.15 18:47:31 | 000,268,468 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\UserTile.png
[2009.01.07 20:52:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.05.28 19:56:17 | 000,001,488 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\wklnhst.dat
[2008.03.18 18:41:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.03.18 18:35:51 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.09 17:24:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.27 13:45:38 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.12.24 19:59:58 | 000,253,189 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\nvModes.001
[2007.12.24 19:24:23 | 000,011,264 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.24 19:13:50 | 000,253,189 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\nvModes.dat
[2007.12.24 18:53:23 | 000,000,101 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Local\fusioncache.dat
[2007.10.24 10:00:48 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.10.24 09:27:21 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2007.10.24 09:20:21 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2006.11.02 16:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,296,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

========== LOP Check ==========

[2011.02.07 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\DVDVideoSoft
[2009.09.27 11:48:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\LG Electronics
[2010.10.01 13:48:01 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\NCH Swift Sound
[2011.01.04 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\SoundSpectrum
[2007.12.24 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\T-Online
[2008.05.28 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Template
[2010.07.22 20:25:03 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Tobit
[2010.10.25 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Uniblue
[2011.11.01 19:08:59 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2007.12.28 18:38:32 | 000,000,000 | ---D | M] -- C:\$fsctmp
[2008.11.23 17:30:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.07.22 20:21:10 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2010.06.13 15:31:18 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.12.24 18:21:06 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.02.12 18:58:26 | 000,000,000 | R--D | M] -- C:\DRIVER
[2010.09.11 10:47:00 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.02.12 18:58:26 | 000,000,000 | ---D | M] -- C:\FirstSteps
[2007.10.24 09:31:15 | 000,000,000 | ---D | M] -- C:\fsc-world
[2007.10.24 09:27:34 | 000,000,000 | ---D | M] -- C:\Intel
[2008.02.12 18:58:26 | 000,000,000 | R--D | M] -- C:\MANUAL
[2007.10.24 09:43:27 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.02.12 18:58:27 | 000,000,000 | ---D | M] -- C:\nero
[2007.10.24 09:46:55 | 000,000,000 | ---D | M] -- C:\Off2007HStTrial
[2010.05.31 17:11:46 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.01 17:09:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.01 17:09:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.12.24 18:21:06 | 000,000,000 | -HSD | M] -- C:\Programme
[2007.10.24 09:47:33 | 000,000,000 | ---D | M] -- C:\RecInfo
[2009.09.27 11:53:29 | 000,000,000 | ---D | M] -- C:\Sounds
[2011.11.02 16:46:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.10.24 20:55:00 | 000,000,000 | ---D | M] -- C:\TMP
[2010.09.09 12:30:21 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.15 00:23:10 | 000,000,000 | ---D | M] -- C:\Windows
[2007.10.24 09:48:27 | 000,000,000 | ---D | M] -- C:\Works
[2007.10.24 08:29:08 | 000,000,000 | ---D | M] -- C:\x86

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.12.24 18:53:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.12.24 18:53:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-01 12:35:20

< >

< End of report >

OTL Extras logfile created on: 02.11.2011 16:44:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dennis Schmid\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,86% Memory free
4,23 Gb Paging File | 3,17 Gb Available in Paging File | 75,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 65,45 Gb Free Space | 44,19% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 72,98 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive E: | 485,25 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DENNISSCHMID-PC | User Name: Dennis Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A980F6-4B9E-46CA-9CDA-1F966CB0AEE4}" = lport=5358 | protocol=6 | dir=in | app=system |
"{0277DD41-384B-43F9-99E1-7A9228065009}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{078F75C2-89CB-4C12-A072-192EBFC54CF2}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{1127C19E-66D1-459B-BF51-9FD132859AB6}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1F21AAA5-B535-4212-978A-7648F644E247}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28C9FACF-A8E3-45F8-93AE-C2BFE354A504}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2939D29A-72FE-453D-96CF-794D6AB595B9}" = lport=3390 | protocol=6 | dir=in | app=system |
"{29FDDF81-B19B-481C-9D6F-704207498734}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A9F29BD-12EB-4726-9448-9F20790DFE80}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AD50DC0-F85D-46A9-99C0-FA54DB99B634}" = lport=3390 | protocol=6 | dir=in | app=system |
"{331F58BF-52B7-4C26-B03B-45F1343A7CD3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{33AD4395-A117-4A66-BDA4-BD1B97472BCC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CA8119E-D5A3-46C7-A18C-847F19E3FB42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F759FE7-4452-4F71-9FB7-9A6B21FC3B4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C6699C4-3749-45FC-95FE-A9132CBF27EA}" = lport=10244 | protocol=6 | dir=in | app=system |
"{52EA5C38-40B5-44DC-BEA4-8160A4CF111A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{569AF1EE-50A8-4523-A291-AB8B1F8EB505}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5807ABB5-AFB6-4A1D-A1D2-E4A2E08AC828}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6252D1E1-B677-450A-AD7B-54A4E906F4B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6285F2EE-C7C6-48C0-B8A7-FBADA42660E2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{65EC4AF7-639C-4346-B0B5-0F8D446497CC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67121401-6723-4AEA-B98C-AE9E85C19FB3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{67DCA0B1-BAE7-44BC-BE55-B3396AB43C66}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{691D2196-E30E-4837-912D-59EAD71C3DF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6BD3BAEC-F26E-4D7E-B544-89958AC62606}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{819AF93C-1FC3-4028-82C9-8DD42E46638B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8983AE0E-D8D0-4E23-8FE1-455A615E1BF5}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{8C25AA3E-C910-4DF4-894B-2ED058EB4F2F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8CBF1CEC-7007-4DF2-8E69-5075CA06C32B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99AD0019-A04E-40A3-8CFD-FD8892087DD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9D0B2AB1-E822-4FFD-8472-DBFFEEB71E6B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A2A6A518-E690-4B5B-ACD0-5A2204E87BF7}" = rport=5357 | protocol=6 | dir=out | app=system |
"{A64F51E6-95C4-44B7-9EE8-FED7EB6DFDED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A94D5140-C03F-4034-BDC2-A5EB69CAC490}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AB677C43-0188-4298-A644-8E78A3E76D43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AB909A98-5160-4B6C-A4F1-EE35EA5D3B15}" = lport=5357 | protocol=6 | dir=in | app=system |
"{AFB46853-923C-479A-889B-4337D192981F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B15129A1-D8F7-4040-B551-F94A6D13C22F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3D2A3C1-578D-40ED-849D-06609A4E2BFA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B88D653D-8D15-4088-A514-25A6723488B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB9D89F6-46C5-42A6-9879-BF928CE414C7}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{CA9F6AD9-3F55-4512-8D69-33021F96DE7F}" = rport=5358 | protocol=6 | dir=out | app=system |
"{CB42FD7D-3011-47F3-8AB1-0D4475B4930F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB56DC84-6B36-417D-BFEA-83C8977CB557}" = rport=10244 | protocol=6 | dir=out | app=system |
"{D6DFAEA5-A53D-4262-95D7-34115F38C016}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E03F23CB-E96F-466F-A3C6-893692FECCF7}" = lport=445 | protocol=6 | dir=in | app=system |
"{E82497D3-FD1E-46AB-ADA6-C2ED963187FD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F75F9965-201D-4866-9DA6-A3D1B120B9E4}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AD158D-6629-4F7F-B5C8-D4087FE9CC5D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{01DA9E15-57ED-49D7-BF04-A8B44A4F9B10}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{0ED1E55B-8820-4B60-A162-7B2F30EB5A90}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{196D4D42-E6D8-4746-9D4A-597BA670EA85}" = protocol=6 | dir=out | app=system |
"{1BD9016D-AF95-4B07-835F-AE5CEA9B9E5E}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1EA4FD14-69C3-4F64-A70B-B147AF0BC520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ED785FD-3923-4795-A745-78A8B50884B5}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{28B7C6D2-6125-433B-A3EE-D59FC31B976B}" = protocol=6 | dir=out | app=system |
"{34A5FDAA-8C80-4CDE-92D4-E9ACAEEB6B0E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{382532EF-A3BD-41A7-A254-595009B619C2}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{3F7E9C03-1B3D-4071-912D-EF8DD09A4093}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3FBEA370-CC1D-4CC8-94FB-443BB6F0ED0D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{49F03849-F125-401C-ABE2-EFDAB22797E6}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{54653199-DE62-4D9A-A31C-D1B4414C86B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58C39914-7EAF-4D87-9FC5-9DC9F6B795C1}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{61D73BB3-B239-4F3B-92CC-5AE33033DAA1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6475ADA7-2F42-42DA-A81C-97E92024F0A3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{7086F5EE-0EAD-4BD0-B863-38BB4927C97F}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{787AB492-B179-479E-913C-DFC9B84A23BB}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{78908816-E567-4459-A6E6-B8A867B56994}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{792E3739-767F-4BF9-BBCA-33743F00F3C3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{80487DF5-8316-40EC-9B8F-782013A3B736}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{80C77A59-351A-4D77-9E1B-DF9362B03FE7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{82CB6B91-CAB3-4497-986F-7DBD7D49FF6E}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{9D645A78-E995-45BC-BF68-9EC151C94B7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A19BB84D-DCD2-4A63-A078-0C0C93252853}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{A38329F5-9327-492F-B730-35F49BF7CB1B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A89CD155-C3B1-4ACA-8CE9-AC1477FDFBA5}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{AC265128-F7F1-4B2F-B806-61171AF52E0D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{BAA8C1E6-D3E5-4A68-96E1-36A55951A720}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C440599A-9C31-448B-B6B8-4476C34C912A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C81AB3A4-6898-44CD-A514-3F46C1CF8CCD}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{CAF7511F-13D0-4F03-A621-524100B9A8A6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{CB3743A7-FC7D-4D8E-BE48-55B5AC70E0B3}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D54AF0C1-2AD2-47A4-87F7-7DD2AEA2A6CE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DA2679EB-31EC-481C-B664-BE50431C96DF}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{DAA5F8C0-FF76-40EF-A7F2-C5852E9D259C}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{DC8AFE82-E979-49BE-84D7-15488ED8A522}" = protocol=6 | dir=out | app=system |
"{DC94186A-85FC-4EAD-A5D3-850E9498C5BC}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{DD770AB4-C648-4224-B8BD-1B65BCD1491B}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{DDFF1B3C-15E9-4CCC-9672-7CBE0CB435B7}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{EBBDC959-3223-4440-B36C-F76861F9FEDD}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{EC2A82E1-B1CC-48D6-9AAF-1266914878D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ECF383F2-B7B8-4D22-9BC2-F6726324E795}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3B67293-DD57-4E71-850B-B48B29E08AF8}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F6F458DE-62F5-4304-9162-2E2D56818654}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{FEC8530A-EA64-4D76-9253-4FBFB914B3FF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"TCP Query User{1498E8E9-AFB5-4535-A0A4-5268C2D68F01}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{65498CD5-B918-4631-A61F-AF9917010372}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{79D5BFDC-B8C4-4031-83F6-C4A5D1B30866}C:\program files\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq\icq6.5\icq.exe |
"TCP Query User{7FB73176-6896-44CE-A87E-24C58CA6E66E}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"TCP Query User{A0146A10-FD74-4920-87CA-EF08CD11E2E5}C:\program files\icq\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq\icq6\icq.exe |
"TCP Query User{BEEC5DE3-78D8-44BF-BC07-878E5E7D41D4}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{E7B11093-FE74-41B4-A73E-C4A8B1FE3690}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{231995C8-A3A8-422C-9071-0ADE348D42C9}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"UDP Query User{3A378E28-22C3-4A73-8292-DD4DB07E7946}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{70E267DF-9F69-4C37-AC88-392D43FA853D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8404B085-66DA-4AA6-B189-8BBF039D586F}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"UDP Query User{CA61C510-5A39-4A3B-AB20-E1684E70ACDC}C:\program files\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq\icq6.5\icq.exe |
"UDP Query User{EB8E0A5C-03AD-4D29-ADE7-3FF7389928F0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FDE15500-940A-4453-AA32-6884986A9A9F}C:\program files\icq\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq\icq6\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0590062B-1E79-4717-B1AC-45B6DCA43B36}" = GEAR driver installer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory und Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.14
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual Villagers" = Virtual Villagers (remove only)
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"YelsieJayHouse6Reloaded_is1" = eJay House 6 Reloaded

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.04.2010 05:34:35 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.04.2010 05:39:48 | Computer Name = DennisSchmid-PC | Source = WerSvc | ID = 5007
Description =

Error - 23.04.2010 08:10:54 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.04.2010 08:10:54 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.04.2010 08:15:47 | Computer Name = DennisSchmid-PC | Source = WerSvc | ID = 5007
Description =

Error - 24.04.2010 08:05:53 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.04.2010 08:05:54 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.04.2010 08:10:43 | Computer Name = DennisSchmid-PC | Source = WerSvc | ID = 5007
Description =

Error - 26.04.2010 12:26:19 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 26.04.2010 12:52:30 | Computer Name = DennisSchmid-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 09.09.2008 15:22:26 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:22:43 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:03 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:18 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:31 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:45 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:56 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:24:11 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:24:26 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:25:46 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

[ System Events ]
Error - 27.10.2011 18:21:19 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:19 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:20 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:20 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:20 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:21 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:21 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:31 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 31.10.2011 14:49:43 | Computer Name = DennisSchmid-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.10.2011 um 19:48:07 unerwartet heruntergefahren.

Error - 01.11.2011 12:20:52 | Computer Name = DennisSchmid-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-02 17:59:10
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 6iinvvoo.exe; Driver: C:\Users\DENNIS~1\AppData\Local\Temp\ffkoapoc.sys


---- System - GMER 1.0.15 ----

SSDT 904AAE16 ZwCreateSection
SSDT 904AAE20 ZwRequestWaitReplyPort
SSDT 904AAE1B ZwSetContextThread
SSDT 904AAE25 ZwSetSecurityObject
SSDT 904AAE2A ZwSystemDebugControl
SSDT 904AADB7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 822BE998 4 Bytes [16, AE, 4A, 90] {PUSH SS; SCASB ; DEC EDX; NOP }
.text ntkrnlpa.exe!KeSetEvent + 539 822BECBC 4 Bytes [20, AE, 4A, 90]
.text ntkrnlpa.exe!KeSetEvent + 56D 822BECF0 2 Bytes [1B, AE]
.text ntkrnlpa.exe!KeSetEvent + 570 822BECF3 1 Byte [90]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822BED54 4 Bytes [25, AE, 4A, 90]
.text ...

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0edde
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0fdd8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0fdd8@001a75f854ae 0xAD 0xCB 0x93 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0fdd8@0025e5350cd0 0xAE 0x73 0xF5 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0edde (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0fdd8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0fdd8@001a75f854ae 0xAD 0xCB 0x93 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0fdd8@0025e5350cd0 0xAE 0x73 0xF5 0xEC ...

---- EOF - GMER 1.0.15 ----

 
