
Log analysis and evaluation: USB stick now only shows shortcuts


02.11.2011, 17:28   #1
DennisS
 
USB stick now only shows shortcuts



Hello, my problem is as follows:
I plugged in an acquaintance's USB stick to copy MP3 files onto it. That still worked normally. However, when my acquaintance plugged the stick into his computer, it only showed shortcuts with a file size of 2 KB. I had the same problem when I plugged my own stick into my computer. I then formatted the stick and afterwards filled it with MP3 files again. However, that did not fix the problem. Next I tried to check my computer for malware with the program "Malwarebytes". The scan with that program did find identified files, which I promptly removed right away. Here is the log of the scan:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8061

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

01.11.2011 17:20:54
mbam-log-2011-11-01 (17-20-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165649
Laufzeit: 8 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
c:\Users\***\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> 3520 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Trojan.Agent) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\***\AppData\Local\Temp\0915287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\1875541.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\2444670.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\2544663.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\7168182.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\7988757.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\8375011.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\9566287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\4056756.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\4069043.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\6208099.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\***\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Since the problem still persists, I decided to ask this forum for help.
Is my computer still infected, and can I still use the USB sticks at all, or should I get new ones?

OTL logfile created on: 02.11.2011 16:44:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dennis Schmid\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,86% Memory free
4,23 Gb Paging File | 3,17 Gb Available in Paging File | 75,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 65,45 Gb Free Space | 44,19% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 72,98 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive E: | 485,25 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DENNISSCHMID-PC | User Name: Dennis Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.02 16:40:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis Schmid\Downloads\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.10.29 14:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.07.10 17:29:16 | 000,557,056 | ---- | M] (C&E) -- C:\Programme\C&E\OSD\osd.exe
PRC - [2007.05.03 23:00:00 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.05.03 23:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.22 17:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ita.dll
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56esp.dll
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56brz.dll
MOD - [2006.11.22 17:31:30 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56kor.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ger.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56fra.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56dnk.dll
MOD - [2006.11.22 17:31:28 | 000,057,344 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56jpn.dll
MOD - [2006.11.22 17:31:28 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56cht.dll
MOD - [2006.11.22 17:31:28 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56chs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.03 23:00:00 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)


========== Driver Services (SafeList) ==========

DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.11 20:05:54 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.09.01 07:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.03 23:00:00 | 000,208,896 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2007.04.30 12:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.19 15:15:26 | 000,788,400 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007.04.04 04:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.02.25 05:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.01.30 08:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2006.11.22 17:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.18 12:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2004.11.01 09:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=home"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Dennis Schmid\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.29 14:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.29 14:51:50 | 000,000,000 | ---D | M]

[2008.11.01 13:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Extensions
[2011.11.02 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions
[2010.06.25 11:41:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.21 18:16:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.01 12:47:39 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.21 15:27:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.01 12:47:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com
[2011.06.30 18:53:50 | 000,000,873 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\conduit.xml
[2011.10.31 21:51:10 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-1.xml
[2010.06.28 17:57:49 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-2.xml
[2010.07.22 16:28:32 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-3.xml
[2010.07.25 12:32:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-4.xml
[2010.09.08 16:36:12 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-5.xml
[2010.09.17 13:27:23 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-6.xml
[2010.10.04 15:31:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-7.xml
[2010.10.29 12:17:40 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-8.xml
[2010.06.22 14:48:00 | 000,000,947 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin.xml
[2011.02.26 09:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.03 16:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 15:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.26 09:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008.12.09 13:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.06.08 19:10:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.12.08 17:25:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.06 16:47:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.11.03 16:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 15:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.26 09:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.08.19 13:16:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.19 13:16:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.19 13:16:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.19 13:16:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.19 13:16:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [recinfo450] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A52F4E-5D1C-4313-BE1F-83AF8DE3C015}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F311ACA8-8973-4405-8378-AB7C9A0BC48E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\Shell - "" = AutoRun
O33 - MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.01 17:09:26 | 000,000,000 | ---D | C] -- C:\Users\Dennis Schmid\AppData\Roaming\Malwarebytes
[2011.11.01 17:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.01 17:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.01 17:09:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.01 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.31 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis Schmid\AppData\Local\Proxure
[2011.10.31 18:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2011.10.31 09:41:12 | 000,000,000 | RHSD | C] -- C:\Users\Dennis Schmid\M-1-52-5782-8752-5245
[2011.10.22 07:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.21 14:22:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis Schmid\AppData\Roaming\Avira
[2011.10.21 14:21:00 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.21 14:21:00 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.21 14:21:00 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.21 14:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.21 14:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.14 23:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011.10.14 23:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape

========== Files - Modified Within 30 Days ==========

[2011.11.02 16:36:09 | 000,000,000 | ---- | M] () -- C:\Users\Dennis Schmid\defogger_reenable
[2011.11.02 16:11:10 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.02 16:11:10 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.02 16:11:10 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.02 16:11:10 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.02 16:05:20 | 000,519,890 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.02 16:05:12 | 000,519,890 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.02 16:05:11 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 16:05:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 16:04:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.02 16:04:54 | 2145,820,672 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.01 19:08:59 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.01 17:09:18 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.27 21:08:17 | 000,112,682 | ---- | M] () -- C:\Users\Dennis Schmid\Desktop\01_suicide_geisha_bg.jpg
[2011.10.27 18:22:07 | 000,011,264 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.15 13:29:09 | 000,296,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.15 00:29:29 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2011.11.02 16:36:09 | 000,000,000 | ---- | C] () -- C:\Users\Dennis Schmid\defogger_reenable
[2011.11.01 17:09:18 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.27 21:08:13 | 000,112,682 | ---- | C] () -- C:\Users\Dennis Schmid\Desktop\01_suicide_geisha_bg.jpg
[2011.10.15 00:29:29 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.01.04 16:43:35 | 000,000,680 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Local\d3d9caps.dat
[2010.12.15 16:24:11 | 000,519,890 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.12.15 16:24:11 | 000,519,890 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.03 11:14:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.03 10:30:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.03 10:30:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.21 17:19:06 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.01.15 18:47:31 | 000,268,468 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\UserTile.png
[2009.01.07 20:52:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.05.28 19:56:17 | 000,001,488 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\wklnhst.dat
[2008.03.18 18:41:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.03.18 18:35:51 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.09 17:24:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.27 13:45:38 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.12.24 19:59:58 | 000,253,189 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\nvModes.001
[2007.12.24 19:24:23 | 000,011,264 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.24 19:13:50 | 000,253,189 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\nvModes.dat
[2007.12.24 18:53:23 | 000,000,101 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Local\fusioncache.dat
[2007.10.24 10:00:48 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.10.24 09:27:21 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2007.10.24 09:20:21 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2006.11.02 16:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,296,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

========== LOP Check ==========

[2011.02.07 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\DVDVideoSoft
[2009.09.27 11:48:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\LG Electronics
[2010.10.01 13:48:01 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\NCH Swift Sound
[2011.01.04 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\SoundSpectrum
[2007.12.24 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\T-Online
[2008.05.28 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Template
[2010.07.22 20:25:03 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Tobit
[2010.10.25 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Uniblue
[2011.11.01 19:08:59 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2007.12.28 18:38:32 | 000,000,000 | ---D | M] -- C:\$fsctmp
[2008.11.23 17:30:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.07.22 20:21:10 | 000,000,000 | ---D | M] -- C:\Big Fish Games
[2010.06.13 15:31:18 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.12.24 18:21:06 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.02.12 18:58:26 | 000,000,000 | R--D | M] -- C:\DRIVER
[2010.09.11 10:47:00 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.02.12 18:58:26 | 000,000,000 | ---D | M] -- C:\FirstSteps
[2007.10.24 09:31:15 | 000,000,000 | ---D | M] -- C:\fsc-world
[2007.10.24 09:27:34 | 000,000,000 | ---D | M] -- C:\Intel
[2008.02.12 18:58:26 | 000,000,000 | R--D | M] -- C:\MANUAL
[2007.10.24 09:43:27 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.02.12 18:58:27 | 000,000,000 | ---D | M] -- C:\nero
[2007.10.24 09:46:55 | 000,000,000 | ---D | M] -- C:\Off2007HStTrial
[2010.05.31 17:11:46 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.01 17:09:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.01 17:09:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2007.12.24 18:21:06 | 000,000,000 | -HSD | M] -- C:\Programme
[2007.10.24 09:47:33 | 000,000,000 | ---D | M] -- C:\RecInfo
[2009.09.27 11:53:29 | 000,000,000 | ---D | M] -- C:\Sounds
[2011.11.02 16:46:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.10.24 20:55:00 | 000,000,000 | ---D | M] -- C:\TMP
[2010.09.09 12:30:21 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.15 00:23:10 | 000,000,000 | ---D | M] -- C:\Windows
[2007.10.24 09:48:27 | 000,000,000 | ---D | M] -- C:\Works
[2007.10.24 08:29:08 | 000,000,000 | ---D | M] -- C:\x86

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.12.24 18:53:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.12.24 18:53:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: USERINIT.EXE >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-01 12:35:20

< >

< End of report >

OTL Extras logfile created on: 02.11.2011 16:44:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dennis Schmid\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,86% Memory free
4,23 Gb Paging File | 3,17 Gb Available in Paging File | 75,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 65,45 Gb Free Space | 44,19% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 72,98 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive E: | 485,25 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: DENNISSCHMID-PC | User Name: Dennis Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A980F6-4B9E-46CA-9CDA-1F966CB0AEE4}" = lport=5358 | protocol=6 | dir=in | app=system |
"{0277DD41-384B-43F9-99E1-7A9228065009}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{078F75C2-89CB-4C12-A072-192EBFC54CF2}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{1127C19E-66D1-459B-BF51-9FD132859AB6}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1F21AAA5-B535-4212-978A-7648F644E247}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28C9FACF-A8E3-45F8-93AE-C2BFE354A504}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2939D29A-72FE-453D-96CF-794D6AB595B9}" = lport=3390 | protocol=6 | dir=in | app=system |
"{29FDDF81-B19B-481C-9D6F-704207498734}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A9F29BD-12EB-4726-9448-9F20790DFE80}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AD50DC0-F85D-46A9-99C0-FA54DB99B634}" = lport=3390 | protocol=6 | dir=in | app=system |
"{331F58BF-52B7-4C26-B03B-45F1343A7CD3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{33AD4395-A117-4A66-BDA4-BD1B97472BCC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3CA8119E-D5A3-46C7-A18C-847F19E3FB42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F759FE7-4452-4F71-9FB7-9A6B21FC3B4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C6699C4-3749-45FC-95FE-A9132CBF27EA}" = lport=10244 | protocol=6 | dir=in | app=system |
"{52EA5C38-40B5-44DC-BEA4-8160A4CF111A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{569AF1EE-50A8-4523-A291-AB8B1F8EB505}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5807ABB5-AFB6-4A1D-A1D2-E4A2E08AC828}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6252D1E1-B677-450A-AD7B-54A4E906F4B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6285F2EE-C7C6-48C0-B8A7-FBADA42660E2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{65EC4AF7-639C-4346-B0B5-0F8D446497CC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67121401-6723-4AEA-B98C-AE9E85C19FB3}" = lport=10244 | protocol=6 | dir=in | app=system |
"{67DCA0B1-BAE7-44BC-BE55-B3396AB43C66}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{691D2196-E30E-4837-912D-59EAD71C3DF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6BD3BAEC-F26E-4D7E-B544-89958AC62606}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{819AF93C-1FC3-4028-82C9-8DD42E46638B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8983AE0E-D8D0-4E23-8FE1-455A615E1BF5}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{8C25AA3E-C910-4DF4-894B-2ED058EB4F2F}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{8CBF1CEC-7007-4DF2-8E69-5075CA06C32B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99AD0019-A04E-40A3-8CFD-FD8892087DD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9D0B2AB1-E822-4FFD-8472-DBFFEEB71E6B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{A2A6A518-E690-4B5B-ACD0-5A2204E87BF7}" = rport=5357 | protocol=6 | dir=out | app=system |
"{A64F51E6-95C4-44B7-9EE8-FED7EB6DFDED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A94D5140-C03F-4034-BDC2-A5EB69CAC490}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AB677C43-0188-4298-A644-8E78A3E76D43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AB909A98-5160-4B6C-A4F1-EE35EA5D3B15}" = lport=5357 | protocol=6 | dir=in | app=system |
"{AFB46853-923C-479A-889B-4337D192981F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B15129A1-D8F7-4040-B551-F94A6D13C22F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3D2A3C1-578D-40ED-849D-06609A4E2BFA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B88D653D-8D15-4088-A514-25A6723488B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB9D89F6-46C5-42A6-9879-BF928CE414C7}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{CA9F6AD9-3F55-4512-8D69-33021F96DE7F}" = rport=5358 | protocol=6 | dir=out | app=system |
"{CB42FD7D-3011-47F3-8AB1-0D4475B4930F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CB56DC84-6B36-417D-BFEA-83C8977CB557}" = rport=10244 | protocol=6 | dir=out | app=system |
"{D6DFAEA5-A53D-4262-95D7-34115F38C016}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E03F23CB-E96F-466F-A3C6-893692FECCF7}" = lport=445 | protocol=6 | dir=in | app=system |
"{E82497D3-FD1E-46AB-ADA6-C2ED963187FD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F75F9965-201D-4866-9DA6-A3D1B120B9E4}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AD158D-6629-4F7F-B5C8-D4087FE9CC5D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{01DA9E15-57ED-49D7-BF04-A8B44A4F9B10}" = dir=in | app=c:\program files\cyberlink\powerdv\powerdv.exe |
"{0ED1E55B-8820-4B60-A162-7B2F30EB5A90}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{196D4D42-E6D8-4746-9D4A-597BA670EA85}" = protocol=6 | dir=out | app=system |
"{1BD9016D-AF95-4B07-835F-AE5CEA9B9E5E}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1EA4FD14-69C3-4F64-A70B-B147AF0BC520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ED785FD-3923-4795-A745-78A8B50884B5}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{28B7C6D2-6125-433B-A3EE-D59FC31B976B}" = protocol=6 | dir=out | app=system |
"{34A5FDAA-8C80-4CDE-92D4-E9ACAEEB6B0E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{382532EF-A3BD-41A7-A254-595009B619C2}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{3F7E9C03-1B3D-4071-912D-EF8DD09A4093}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3FBEA370-CC1D-4CC8-94FB-443BB6F0ED0D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{49F03849-F125-401C-ABE2-EFDAB22797E6}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{54653199-DE62-4D9A-A31C-D1B4414C86B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58C39914-7EAF-4D87-9FC5-9DC9F6B795C1}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{61D73BB3-B239-4F3B-92CC-5AE33033DAA1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6475ADA7-2F42-42DA-A81C-97E92024F0A3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{7086F5EE-0EAD-4BD0-B863-38BB4927C97F}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{787AB492-B179-479E-913C-DFC9B84A23BB}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{78908816-E567-4459-A6E6-B8A867B56994}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{792E3739-767F-4BF9-BBCA-33743F00F3C3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{80487DF5-8316-40EC-9B8F-782013A3B736}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{80C77A59-351A-4D77-9E1B-DF9362B03FE7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{82CB6B91-CAB3-4497-986F-7DBD7D49FF6E}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{9D645A78-E995-45BC-BF68-9EC151C94B7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A19BB84D-DCD2-4A63-A078-0C0C93252853}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{A38329F5-9327-492F-B730-35F49BF7CB1B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A89CD155-C3B1-4ACA-8CE9-AC1477FDFBA5}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{AC265128-F7F1-4B2F-B806-61171AF52E0D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{BAA8C1E6-D3E5-4A68-96E1-36A55951A720}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C440599A-9C31-448B-B6B8-4476C34C912A}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{C81AB3A4-6898-44CD-A514-3F46C1CF8CCD}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{CAF7511F-13D0-4F03-A621-524100B9A8A6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{CB3743A7-FC7D-4D8E-BE48-55B5AC70E0B3}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D54AF0C1-2AD2-47A4-87F7-7DD2AEA2A6CE}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DA2679EB-31EC-481C-B664-BE50431C96DF}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{DAA5F8C0-FF76-40EF-A7F2-C5852E9D259C}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{DC8AFE82-E979-49BE-84D7-15488ED8A522}" = protocol=6 | dir=out | app=system |
"{DC94186A-85FC-4EAD-A5D3-850E9498C5BC}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{DD770AB4-C648-4224-B8BD-1B65BCD1491B}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{DDFF1B3C-15E9-4CCC-9672-7CBE0CB435B7}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{EBBDC959-3223-4440-B36C-F76861F9FEDD}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{EC2A82E1-B1CC-48D6-9AAF-1266914878D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ECF383F2-B7B8-4D22-9BC2-F6726324E795}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3B67293-DD57-4E71-850B-B48B29E08AF8}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{F6F458DE-62F5-4304-9162-2E2D56818654}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{FEC8530A-EA64-4D76-9253-4FBFB914B3FF}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"TCP Query User{1498E8E9-AFB5-4535-A0A4-5268C2D68F01}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{65498CD5-B918-4631-A61F-AF9917010372}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{79D5BFDC-B8C4-4031-83F6-C4A5D1B30866}C:\program files\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq\icq6.5\icq.exe |
"TCP Query User{7FB73176-6896-44CE-A87E-24C58CA6E66E}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"TCP Query User{A0146A10-FD74-4920-87CA-EF08CD11E2E5}C:\program files\icq\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq\icq6\icq.exe |
"TCP Query User{BEEC5DE3-78D8-44BF-BC07-878E5E7D41D4}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{E7B11093-FE74-41B4-A73E-C4A8B1FE3690}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{231995C8-A3A8-422C-9071-0ADE348D42C9}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"UDP Query User{3A378E28-22C3-4A73-8292-DD4DB07E7946}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{70E267DF-9F69-4C37-AC88-392D43FA853D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8404B085-66DA-4AA6-B189-8BBF039D586F}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"UDP Query User{CA61C510-5A39-4A3B-AB20-E1684E70ACDC}C:\program files\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq\icq6.5\icq.exe |
"UDP Query User{EB8E0A5C-03AD-4D29-ADE7-3FF7389928F0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FDE15500-940A-4453-AA32-6884986A9A9F}C:\program files\icq\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq\icq6\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0590062B-1E79-4717-B1AC-45B6DCA43B36}" = GEAR driver installer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory und Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.14
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual Villagers" = Virtual Villagers (remove only)
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"YelsieJayHouse6Reloaded_is1" = eJay House 6 Reloaded

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.04.2010 05:34:35 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.04.2010 05:39:48 | Computer Name = DennisSchmid-PC | Source = WerSvc | ID = 5007
Description =

Error - 23.04.2010 08:10:54 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.04.2010 08:10:54 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23.04.2010 08:15:47 | Computer Name = DennisSchmid-PC | Source = WerSvc | ID = 5007
Description =

Error - 24.04.2010 08:05:53 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.04.2010 08:05:54 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24.04.2010 08:10:43 | Computer Name = DennisSchmid-PC | Source = WerSvc | ID = 5007
Description =

Error - 26.04.2010 12:26:19 | Computer Name = DennisSchmid-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 26.04.2010 12:52:30 | Computer Name = DennisSchmid-PC | Source = EventSystem | ID = 4609
Description =

[ Media Center Events ]
Error - 09.09.2008 15:22:26 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:22:43 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:03 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:18 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:31 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:45 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:23:56 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:24:11 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:24:26 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 09.09.2008 15:25:46 | Computer Name = DennisSchmid-PC | Source = Mcx2Svc | ID = 301
Description =

[ System Events ]
Error - 27.10.2011 18:21:19 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:19 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:20 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:20 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:20 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:21 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:21 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 27.10.2011 18:21:31 | Computer Name = DennisSchmid-PC | Source = DCOM | ID = 10016
Description =

Error - 31.10.2011 14:49:43 | Computer Name = DennisSchmid-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.10.2011 um 19:48:07 unerwartet heruntergefahren.

Error - 01.11.2011 12:20:52 | Computer Name = DennisSchmid-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-02 17:59:10
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: 6iinvvoo.exe; Driver: C:\Users\DENNIS~1\AppData\Local\Temp\ffkoapoc.sys


---- System - GMER 1.0.15 ----

SSDT 904AAE16 ZwCreateSection
SSDT 904AAE20 ZwRequestWaitReplyPort
SSDT 904AAE1B ZwSetContextThread
SSDT 904AAE25 ZwSetSecurityObject
SSDT 904AAE2A ZwSystemDebugControl
SSDT 904AADB7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 822BE998 4 Bytes [16, AE, 4A, 90] {PUSH SS; SCASB ; DEC EDX; NOP }
.text ntkrnlpa.exe!KeSetEvent + 539 822BECBC 4 Bytes [20, AE, 4A, 90]
.text ntkrnlpa.exe!KeSetEvent + 56D 822BECF0 2 Bytes [1B, AE]
.text ntkrnlpa.exe!KeSetEvent + 570 822BECF3 1 Byte [90]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822BED54 4 Bytes [25, AE, 4A, 90]
.text ...

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0edde
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0fdd8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0fdd8@001a75f854ae 0xAD 0xCB 0x93 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0fdd8@0025e5350cd0 0xAE 0x73 0xF5 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0edde (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0fdd8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0fdd8@001a75f854ae 0xAD 0xCB 0x93 0x5D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0fdd8@0025e5350cd0 0xAE 0x73 0xF5 0xEC ...

---- EOF - GMER 1.0.15 ----

Alt 02.11.2011, 20:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in the Logs tab in Malwarebytes.

Alt 03.11.2011, 16:07   #3
DennisS
 
Yes, here are the missing logs...
... however, I interrupted 2 scans

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8061

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

01.11.2011 17:20:54
mbam-log-2011-11-01 (17-20-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165649
Laufzeit: 8 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 12

Infizierte Speicherprozesse:
c:\Users\dennis schmid\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> 3520 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows Update (Trojan.Agent) -> Value: Microsoft® Windows Update -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\dennis schmid\AppData\Local\Temp\0915287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\1875541.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\2444670.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\2544663.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\7168182.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\7988757.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\8375011.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\9566287.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\4056756.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\4069043.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\Temp\6208099.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\m-1-52-5782-8752-5245\winsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8061

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

01.11.2011 17:33:59
mbam-log-2011-11-01 (17-33-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 2331
Laufzeit: 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8061

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

01.11.2011 18:32:02
mbam-log-2011-11-01 (18-32-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Durchsuchte Objekte: 296983
Laufzeit: 52 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\dennis schmid\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\J6M3RIWJ\st[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\dennis schmid\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\SWBFBFZ2\st[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

17:10:18 Dennis Schmid MESSAGE Protection started successfully
17:10:22 Dennis Schmid MESSAGE IP Protection started successfully
17:10:29 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49823, Process: winsvc.exe)
17:10:29 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49825, Process: winsvc.exe)
17:10:37 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49826, Process: winsvc.exe)
17:10:37 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49828, Process: winsvc.exe)
17:10:37 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49829, Process: winsvc.exe)
17:10:45 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49830, Process: winsvc.exe)
17:10:45 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49831, Process: winsvc.exe)
17:10:53 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49833, Process: winsvc.exe)
17:10:53 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49834, Process: winsvc.exe)
17:11:02 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49835, Process: winsvc.exe)
17:11:02 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49838, Process: winsvc.exe)
17:11:10 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49840, Process: winsvc.exe)
17:11:18 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49842, Process: winsvc.exe)
17:11:18 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49843, Process: winsvc.exe)
17:11:26 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49844, Process: winsvc.exe)
17:11:26 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49845, Process: winsvc.exe)
17:11:26 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49846, Process: winsvc.exe)
17:11:34 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49848, Process: winsvc.exe)
17:11:34 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49850, Process: winsvc.exe)
17:11:42 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49851, Process: winsvc.exe)
17:11:50 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49854, Process: winsvc.exe)
17:11:50 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49855, Process: winsvc.exe)
17:11:59 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49856, Process: winsvc.exe)
17:11:59 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49857, Process: winsvc.exe)
17:11:59 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49859, Process: winsvc.exe)
17:12:07 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49860, Process: winsvc.exe)
17:12:07 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49861, Process: winsvc.exe)
17:12:07 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49862, Process: winsvc.exe)
17:12:15 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49863, Process: winsvc.exe)
17:12:23 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49866, Process: winsvc.exe)
17:12:23 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49867, Process: winsvc.exe)
17:12:31 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49868, Process: winsvc.exe)
17:12:31 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49871, Process: winsvc.exe)
17:12:39 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49873, Process: winsvc.exe)
17:12:39 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49874, Process: winsvc.exe)
17:12:47 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49875, Process: winsvc.exe)
17:12:47 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49876, Process: winsvc.exe)
17:12:55 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49877, Process: winsvc.exe)
17:12:55 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49878, Process: winsvc.exe)
17:12:55 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49879, Process: winsvc.exe)
17:13:03 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49881, Process: winsvc.exe)
17:13:11 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49885, Process: winsvc.exe)
17:13:20 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49886, Process: winsvc.exe)
17:13:20 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49887, Process: winsvc.exe)
17:13:20 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49888, Process: winsvc.exe)
17:13:28 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49889, Process: winsvc.exe)
17:13:28 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49890, Process: winsvc.exe)
17:13:36 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49894, Process: winsvc.exe)
17:13:44 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49912, Process: winsvc.exe)
17:13:44 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49913, Process: winsvc.exe)
17:13:52 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49914, Process: winsvc.exe)
17:13:52 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49915, Process: winsvc.exe)
17:13:52 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49916, Process: winsvc.exe)
17:14:00 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49917, Process: winsvc.exe)
17:14:08 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49920, Process: winsvc.exe)
17:14:08 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49921, Process: winsvc.exe)
17:14:08 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49922, Process: winsvc.exe)
17:14:16 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49923, Process: winsvc.exe)
17:14:16 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49924, Process: winsvc.exe)
17:14:16 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49925, Process: winsvc.exe)
17:14:24 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49926, Process: winsvc.exe)
17:14:24 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49927, Process: winsvc.exe)
17:14:32 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49930, Process: winsvc.exe)
17:14:40 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49932, Process: winsvc.exe)
17:14:40 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49934, Process: winsvc.exe)
17:14:49 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49941, Process: winsvc.exe)
17:14:49 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49943, Process: winsvc.exe)
17:14:57 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49944, Process: winsvc.exe)
17:14:57 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49945, Process: winsvc.exe)
17:15:05 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49947, Process: winsvc.exe)
17:15:05 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49948, Process: winsvc.exe)
17:15:05 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49949, Process: winsvc.exe)
17:15:13 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49950, Process: winsvc.exe)
17:15:13 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49951, Process: winsvc.exe)
17:15:13 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49952, Process: winsvc.exe)
17:15:21 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49953, Process: winsvc.exe)
17:15:21 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49954, Process: winsvc.exe)
17:15:29 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49955, Process: winsvc.exe)
17:15:29 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49956, Process: winsvc.exe)
17:15:29 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49958, Process: winsvc.exe)
17:15:37 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49959, Process: winsvc.exe)
17:15:37 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49960, Process: winsvc.exe)
17:15:37 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49968, Process: winsvc.exe)
17:15:45 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49969, Process: winsvc.exe)
17:15:45 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49970, Process: winsvc.exe)
17:15:53 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49972, Process: winsvc.exe)
17:15:53 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49973, Process: winsvc.exe)
17:16:01 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49974, Process: winsvc.exe)
17:16:01 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49977, Process: winsvc.exe)
17:16:09 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49978, Process: winsvc.exe)
17:16:09 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49979, Process: winsvc.exe)
17:16:09 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49980, Process: winsvc.exe)
17:16:17 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49981, Process: winsvc.exe)
17:16:17 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49982, Process: winsvc.exe)
17:16:26 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49983, Process: winsvc.exe)
17:16:26 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49984, Process: winsvc.exe)
17:16:26 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49985, Process: winsvc.exe)
17:16:34 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49987, Process: winsvc.exe)
17:16:34 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49988, Process: winsvc.exe)
17:16:34 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49989, Process: winsvc.exe)
17:16:42 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49990, Process: winsvc.exe)
17:16:42 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49991, Process: winsvc.exe)
17:16:50 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49992, Process: winsvc.exe)
17:16:50 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49993, Process: winsvc.exe)
17:16:50 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49994, Process: winsvc.exe)
17:16:58 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49995, Process: winsvc.exe)
17:16:58 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49996, Process: winsvc.exe)
17:16:58 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 49998, Process: winsvc.exe)
17:17:06 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50000, Process: winsvc.exe)
17:17:14 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50002, Process: winsvc.exe)
17:17:14 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50008, Process: winsvc.exe)
17:17:22 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50009, Process: winsvc.exe)
17:17:30 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50012, Process: winsvc.exe)
17:17:30 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50014, Process: winsvc.exe)
17:17:38 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50016, Process: winsvc.exe)
17:17:47 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50018, Process: winsvc.exe)
17:17:47 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50019, Process: winsvc.exe)
17:17:47 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50020, Process: winsvc.exe)
17:17:55 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50021, Process: winsvc.exe)
17:17:55 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50022, Process: winsvc.exe)
17:18:03 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50025, Process: winsvc.exe)
17:18:03 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50026, Process: winsvc.exe)
17:18:11 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50027, Process: winsvc.exe)
17:18:11 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50028, Process: winsvc.exe)
17:18:11 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50029, Process: winsvc.exe)
17:18:19 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50030, Process: winsvc.exe)
17:18:19 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50031, Process: winsvc.exe)
17:18:19 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50032, Process: winsvc.exe)
17:18:27 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50033, Process: winsvc.exe)
17:18:27 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50034, Process: winsvc.exe)
17:18:35 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50036, Process: winsvc.exe)
17:18:35 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50037, Process: winsvc.exe)
17:18:35 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50038, Process: winsvc.exe)
17:18:43 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50039, Process: winsvc.exe)
17:18:43 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50040, Process: winsvc.exe)
17:18:43 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50041, Process: winsvc.exe)
17:18:52 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50042, Process: winsvc.exe)
17:18:52 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50043, Process: winsvc.exe)
17:19:00 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50045, Process: winsvc.exe)
17:19:00 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50049, Process: winsvc.exe)
17:19:08 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50051, Process: winsvc.exe)
17:19:08 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50052, Process: winsvc.exe)
17:19:16 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50053, Process: winsvc.exe)
17:19:16 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50054, Process: winsvc.exe)
17:19:16 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50055, Process: winsvc.exe)
17:19:24 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50056, Process: winsvc.exe)
17:19:24 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50057, Process: winsvc.exe)
17:19:32 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50060, Process: winsvc.exe)
17:19:32 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50069, Process: winsvc.exe)
17:19:40 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50070, Process: winsvc.exe)
17:19:40 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50071, Process: winsvc.exe)
17:19:40 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50072, Process: winsvc.exe)
17:19:48 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50073, Process: winsvc.exe)
17:19:48 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50074, Process: winsvc.exe)
17:19:56 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50075, Process: winsvc.exe)
17:19:56 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50076, Process: winsvc.exe)
17:19:56 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50077, Process: winsvc.exe)
17:20:04 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50079, Process: winsvc.exe)
17:20:04 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50080, Process: winsvc.exe)
17:20:12 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50082, Process: winsvc.exe)
17:20:12 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50083, Process: winsvc.exe)
17:20:20 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50084, Process: winsvc.exe)
17:20:20 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50085, Process: winsvc.exe)
17:20:20 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50086, Process: winsvc.exe)
17:20:28 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50087, Process: winsvc.exe)
17:20:28 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50088, Process: winsvc.exe)
17:20:28 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50090, Process: winsvc.exe)
17:20:36 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50091, Process: winsvc.exe)
17:20:36 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50092, Process: winsvc.exe)
17:20:36 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50093, Process: winsvc.exe)
17:20:45 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50094, Process: winsvc.exe)
17:20:45 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50095, Process: winsvc.exe)
17:20:53 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50096, Process: winsvc.exe)
17:20:53 Dennis Schmid IP-BLOCK 141.105.66.235 (Type: outgoing, Port: 50097, Process: winsvc.exe)
17:23:33 Dennis Schmid MESSAGE Protection started successfully
17:23:37 Dennis Schmid MESSAGE IP Protection started successfully
17:51:22 Dennis Schmid ERROR Scheduled update failed: No address found failed with error code 11004
18:35:56 Dennis Schmid MESSAGE Protection started successfully
18:36:00 Dennis Schmid MESSAGE IP Protection started successfully

__________________

03.11.2011, 17:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

USB stick shows only shortcuts

Please run ESET as well, then we'll take it from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

03.11.2011, 19:03   #5
DennisS

USB stick shows only shortcuts

Hello Arne,
thanks first of all for the quick reply!
Here is the requested log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c05f0b6f367fde47acc3b0f11894eb81
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-03 06:59:43
# local_time=2011-11-03 07:59:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 1138076 1138076 0 0
# compatibility_mode=5892 16776573 100 100 11284 157874064 0 0
# compatibility_mode=8192 67108863 100 0 3742 3742 0 0
# scanned=150700
# found=6
# cleaned=0
# scan_time=5446
C:\Users\Dennis Schmid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FJ1MUAV\m[1].exe a variant of Win32/AutoRun.Injector.AN worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Dennis Schmid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J6M3RIWJ\r[1].exe a variant of Win32/AutoRun.Injector.AM worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Dennis Schmid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z391NSA7\g[1].exe a variant of Win32/AutoRun.Injector.AN worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Dennis Schmid\AppData\Local\Temp\4413799.exe a variant of Win32/AutoRun.Injector.AN worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Dennis Schmid\AppData\Local\Temp\72970.exe a variant of Win32/AutoRun.Injector.AM worm (unable to clean) 00000000000000000000000000000000 I
C:\Users\Dennis Schmid\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I


03.11.2011, 19:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

USB stick shows only shortcuts

OK, please create a new OTL log:

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

03.11.2011, 19:41   #7
DennisS

USB stick shows only shortcuts

OTL Logfile:
Code:
OTL logfile created on: 03.11.2011 20:29:27 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Dennis Schmid\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,09% Memory free
4,23 Gb Paging File | 3,15 Gb Available in Paging File | 74,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 65,17 Gb Free Space | 44,01% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 72,98 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive E: | 485,25 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DENNISSCHMID-PC | User Name: Dennis Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.02 16:40:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis Schmid\Downloads\OTL.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2007.07.10 17:29:16 | 000,557,056 | ---- | M] (C&E) -- C:\Programme\C&E\OSD\osd.exe
PRC - [2007.05.03 23:00:00 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.05.03 23:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.22 17:31:26 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ita.dll
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56esp.dll
MOD - [2006.11.22 17:31:30 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56brz.dll
MOD - [2006.11.22 17:31:30 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56kor.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ger.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56fra.dll
MOD - [2006.11.22 17:31:28 | 000,065,536 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56dnk.dll
MOD - [2006.11.22 17:31:28 | 000,057,344 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56jpn.dll
MOD - [2006.11.22 17:31:28 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56cht.dll
MOD - [2006.11.22 17:31:28 | 000,053,248 | ---- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56chs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.03 23:00:00 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.12.08 09:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.11 20:05:54 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.09.01 07:19:18 | 009,825,728 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.02 16:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 16:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 22:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.05.03 23:00:00 | 000,208,896 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2007.04.30 12:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.19 15:15:26 | 000,788,400 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007.04.04 04:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.02.25 05:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.01.30 08:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2006.11.22 17:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.18 12:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2004.11.01 09:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=home"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Dennis Schmid\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.29 14:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.29 14:51:50 | 000,000,000 | ---D | M]
 
[2008.11.01 13:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Extensions
[2011.11.03 17:10:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions
[2010.06.25 11:41:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.21 18:16:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.01 12:47:39 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.08.21 15:27:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.01 12:47:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com
[2011.06.30 18:53:50 | 000,000,873 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\conduit.xml
[2011.10.31 21:51:10 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-1.xml
[2010.06.28 17:57:49 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-2.xml
[2010.07.22 16:28:32 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-3.xml
[2010.07.25 12:32:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-4.xml
[2010.09.08 16:36:12 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-5.xml
[2010.09.17 13:27:23 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-6.xml
[2010.10.04 15:31:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-7.xml
[2010.10.29 12:17:40 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-8.xml
[2010.06.22 14:48:00 | 000,000,947 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin.xml
[2011.02.26 09:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.03 16:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 15:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.26 09:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008.12.09 13:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.06.08 19:10:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.12.08 17:25:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.06 16:47:52 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.11.03 16:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.05 15:55:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.26 09:13:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.08.19 13:16:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.19 13:16:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.19 13:16:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.19 13:16:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.19 13:16:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [recinfo450] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5A52F4E-5D1C-4313-BE1F-83AF8DE3C015}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F311ACA8-8973-4405-8378-AB7C9A0BC48E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\Shell - "" = AutoRun
O33 - MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.03 18:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.01 17:09:26 | 000,000,000 | ---D | C] -- C:\Users\Dennis Schmid\AppData\Roaming\Malwarebytes
[2011.11.01 17:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.01 17:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.01 17:09:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.01 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.31 18:20:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis Schmid\AppData\Local\Proxure
[2011.10.31 18:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2011.10.31 09:41:12 | 000,000,000 | RHSD | C] -- C:\Users\Dennis Schmid\M-1-52-5782-8752-5245
[2011.10.22 07:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.21 14:22:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis Schmid\AppData\Roaming\Avira
[2011.10.21 14:21:00 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.21 14:21:00 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.21 14:21:00 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.21 14:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.21 14:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.14 23:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011.10.14 23:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.03 20:20:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.03 20:20:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.03 16:27:10 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.03 16:27:10 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.03 16:27:10 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.03 16:27:10 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.03 16:21:15 | 000,519,890 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.03 16:21:13 | 000,519,890 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.03 16:20:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.03 16:20:46 | 2143,768,576 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.02 20:43:43 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.02 16:36:09 | 000,000,000 | ---- | M] () -- C:\Users\Dennis Schmid\defogger_reenable
[2011.11.01 17:09:18 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.27 21:08:17 | 000,112,682 | ---- | M] () -- C:\Users\Dennis Schmid\Desktop\01_suicide_geisha_bg.jpg
[2011.10.27 18:22:07 | 000,011,264 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.15 13:29:09 | 000,296,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.15 00:29:29 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2011.11.02 16:36:09 | 000,000,000 | ---- | C] () -- C:\Users\Dennis Schmid\defogger_reenable
[2011.11.01 17:09:18 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.27 21:08:13 | 000,112,682 | ---- | C] () -- C:\Users\Dennis Schmid\Desktop\01_suicide_geisha_bg.jpg
[2011.10.15 00:29:29 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.01.04 16:43:35 | 000,000,680 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Local\d3d9caps.dat
[2010.12.15 16:24:11 | 000,519,890 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.12.15 16:24:11 | 000,519,890 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.03 11:14:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.03 10:30:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.03 10:30:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.21 17:19:06 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.01.15 18:47:31 | 000,268,468 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\UserTile.png
[2009.01.07 20:52:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.05.28 19:56:17 | 000,001,488 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\wklnhst.dat
[2008.03.18 18:41:28 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.03.18 18:35:51 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.09 17:24:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.12.27 13:45:38 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.12.24 19:59:58 | 000,253,189 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\nvModes.001
[2007.12.24 19:24:23 | 000,011,264 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.24 19:13:50 | 000,253,189 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Roaming\nvModes.dat
[2007.12.24 18:53:23 | 000,000,101 | ---- | C] () -- C:\Users\Dennis Schmid\AppData\Local\fusioncache.dat
[2007.10.24 10:00:48 | 000,002,140 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.10.24 09:27:21 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2007.10.24 09:20:21 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2006.11.02 16:33:31 | 000,638,748 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,130,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,296,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,604,324 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 08:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2011.02.07 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\DVDVideoSoft
[2009.09.27 11:48:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\LG Electronics
[2010.10.01 13:48:01 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\NCH Swift Sound
[2011.01.04 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\SoundSpectrum
[2007.12.24 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\T-Online
[2008.05.28 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Template
[2010.07.22 20:25:03 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Tobit
[2010.10.25 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Uniblue
[2011.11.02 20:43:44 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.01.27 11:18:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Adobe
[2010.11.20 15:43:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Ahead
[2011.10.21 14:22:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Avira
[2008.01.09 17:41:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\CyberLink
[2009.09.29 16:02:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\DivX
[2011.02.07 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\DVDVideoSoft
[2007.12.24 18:24:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Identities
[2007.12.26 13:43:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\InstallShield
[2009.09.27 11:48:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\LG Electronics
[2007.12.24 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Macromedia
[2011.11.01 17:09:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Malwarebytes
[2008.01.09 18:08:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Media Center Programs
[2010.09.09 12:01:27 | 000,000,000 | --SD | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Microsoft
[2008.11.01 13:55:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla
[2010.10.01 13:29:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\NCH Software
[2010.10.01 13:48:01 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\NCH Swift Sound
[2011.11.03 16:21:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Skype
[2010.09.08 19:23:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\skypePM
[2011.01.04 16:41:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\SoundSpectrum
[2007.12.24 18:50:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\T-Online
[2008.05.28 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Template
[2010.07.22 20:25:03 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Tobit
[2010.10.25 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Uniblue
[2011.04.09 12:14:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\Winamp
[2009.04.18 10:47:51 | 000,000,000 | ---D | M] -- C:\Users\Dennis Schmid\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.06.04 12:51:24 | 001,413,256 | R--- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows\Templates\F\USBAutoRun.exe
[2009.05.12 07:46:36 | 000,212,992 | R--- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGSetCDROMAutoRun.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.15 13:25:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.15 13:25:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.15 13:25:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
[2007.05.03 23:00:00 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\DRIVER\CHIPSET\ROBSON1\setup\Winall\Driver64\IaStor.sys
[2007.05.03 23:00:00 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.05.03 23:00:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVER\CHIPSET\ROBSON1\setup\Winall\Driver\iaStor.sys
[2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRIVER\SATA\INTEL\iaStor.sys
[2007.05.03 23:00:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007.02.12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.05.03 23:00:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.10.23 16:24:58 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.10.23 16:24:54 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.10.23 16:24:58 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.10.23 16:25:14 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.10.23 16:25:17 | 006,021,120 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---

03.11.2011, 20:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
[2011.06.21 18:16:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.01 12:47:39 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.01 12:47:39 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com
[2011.06.30 18:53:50 | 000,000,873 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\conduit.xml
[2011.10.31 21:51:10 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-1.xml
[2010.06.28 17:57:49 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-2.xml
[2010.07.22 16:28:32 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-3.xml
[2010.07.25 12:32:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-4.xml
[2010.09.08 16:36:12 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-5.xml
[2010.09.17 13:27:23 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-6.xml
[2010.10.04 15:31:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-7.xml
[2010.10.29 12:17:40 | 000,000,950 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-8.xml
[2010.06.22 14:48:00 | 000,000,947 | ---- | M] () -- C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin.xml
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
O2 - BHO: (Winamp Toolbar BHO) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\Shell - "" = AutoRun
O33 - MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
[2011.10.31 09:41:12 | 000,000,000 | RHSD | C] -- C:\Users\Dennis Schmid\M-1-52-5782-8752-5245
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

03.11.2011, 21:01   #9
DennisS

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\mozilla\Firefox\Profiles\1sxjnydl.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\conduit.xml moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\plugins\npwachk.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Programme\Winamp Toolbar\winamptb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ not found.
File C:\Programme\Winamp Toolbar\winamptb.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124e4cb-ab4c-11de-ab44-00030d74a805}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0124e4cb-ab4c-11de-ab44-00030d74a805}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0124e4cb-ab4c-11de-ab44-00030d74a805}\ not found.
File F:\USBAutoRun.exe not found.
C:\Users\Dennis Schmid\M-1-52-5782-8752-5245 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dennis Schmid
->Temp folder emptied: 1863536944 bytes
->Temporary Internet Files folder emptied: 237253105 bytes
->Java cache emptied: 71877020 bytes
->FireFox cache emptied: 112108032 bytes
->Flash cache emptied: 143819 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139360780 bytes
RecycleBin emptied: 7625622458 bytes

Total Files Cleaned = 9.584,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11032011_215454

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

03.11.2011, 21:05   #10
DennisS

Hello Arne,
can you perhaps tell me how I got this trojan, worm or whatever it is onto my computer?
Was it transferred via the USB stick?
Can I use my USB stick (which was not included in the scan) again without worry?

04.11.2011, 07:56   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I cannot determine the exact source of infection remotely. There are also several ways infections can be caused, so you must carry out all the measures that I post at the end. If I don't do that, please remind me.

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!




If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

04.11.2011, 18:40   #12
DennisS

19:34:39.0629 2684 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
19:34:39.0741 2684 ============================================================
19:34:39.0741 2684 Current date / time: 2011/11/04 19:34:39.0741
19:34:39.0741 2684 SystemInfo:
19:34:39.0741 2684
19:34:39.0741 2684 OS Version: 6.0.6002 ServicePack: 2.0
19:34:39.0741 2684 Product type: Workstation
19:34:39.0741 2684 ComputerName: DENNISSCHMID-PC
19:34:39.0742 2684 UserName: Dennis Schmid
19:34:39.0742 2684 Windows directory: C:\Windows
19:34:39.0742 2684 System windows directory: C:\Windows
19:34:39.0742 2684 Processor architecture: Intel x86
19:34:39.0742 2684 Number of processors: 2
19:34:39.0742 2684 Page size: 0x1000
19:34:39.0742 2684 Boot type: Normal boot
19:34:39.0742 2684 ============================================================
19:34:40.0798 2684 Initialize success
19:35:38.0336 5988 ============================================================
19:35:38.0336 5988 Scan started
19:35:38.0336 5988 Mode: Manual; SigCheck; TDLFS;
19:35:38.0336 5988 ============================================================
19:35:44.0360 5988 GEARAspiWDM - ok
19:35:44.0432 5988 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:35:44.0498 5988 HdAudAddService - ok
19:35:44.0540 5988 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:35:44.0608 5988 HDAudBus - ok
19:35:44.0636 5988 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
19:35:44.0676 5988 HidBth - ok
19:35:44.0701 5988 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
19:35:44.0756 5988 HidIr - ok
19:35:44.0783 5988 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:35:44.0808 5988 HidUsb - ok
19:35:44.0856 5988 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:35:44.0868 5988 HpCISSs - ok
19:35:44.0907 5988 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:35:44.0992 5988 HTTP - ok
19:35:45.0031 5988 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:35:45.0047 5988 i2omp - ok
19:35:45.0078 5988 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:35:45.0129 5988 i8042prt - ok
19:35:45.0164 5988 iaNvStor (5a665ffdd5c08a5bbd469cb006993017) C:\Windows\system32\DRIVERS\iaNvStor.sys
19:35:45.0191 5988 iaNvStor - ok
19:35:45.0226 5988 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
19:35:45.0248 5988 iaStor - ok
19:35:45.0297 5988 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:35:45.0320 5988 iaStorV - ok
19:35:45.0367 5988 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:35:45.0383 5988 iirsp - ok
19:35:45.0519 5988 IntcAzAudAddService (9ed3cf7322a49dac3eca62bb9928ca54) C:\Windows\system32\drivers\RTKVHDA.sys
19:35:45.0783 5988 IntcAzAudAddService - ok
19:35:45.0819 5988 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:35:45.0843 5988 intelide - ok
19:35:45.0873 5988 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:35:45.0994 5988 intelppm - ok
19:35:46.0058 5988 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:46.0131 5988 IpFilterDriver - ok
19:35:46.0163 5988 IpInIp - ok
19:35:46.0212 5988 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:35:46.0331 5988 IPMIDRV - ok
19:35:46.0392 5988 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:35:46.0454 5988 IPNAT - ok
19:35:46.0510 5988 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:35:46.0584 5988 IRENUM - ok
19:35:46.0623 5988 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:35:46.0650 5988 isapnp - ok
19:35:46.0688 5988 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:35:46.0721 5988 iScsiPrt - ok
19:35:46.0807 5988 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:35:46.0830 5988 iteatapi - ok
19:35:46.0860 5988 itecir (e4b04a0d8b237ecf026d849439f1bcce) C:\Windows\system32\DRIVERS\itecir.sys
19:35:46.0906 5988 itecir - ok
19:35:46.0953 5988 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:35:46.0976 5988 iteraid - ok
19:35:47.0045 5988 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
19:35:47.0084 5988 JRAID - ok
19:35:47.0113 5988 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:47.0139 5988 kbdclass - ok
19:35:47.0168 5988 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:35:47.0234 5988 kbdhid - ok
19:35:47.0314 5988 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:35:47.0372 5988 KSecDD - ok
19:35:47.0422 5988 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:35:47.0492 5988 lltdio - ok
19:35:47.0543 5988 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:35:47.0552 5988 LSI_FC - ok
19:35:47.0591 5988 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:35:47.0601 5988 LSI_SAS - ok
19:35:47.0639 5988 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:35:47.0649 5988 LSI_SCSI - ok
19:35:47.0675 5988 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:35:47.0713 5988 luafv - ok
19:35:47.0767 5988 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
19:35:47.0779 5988 MBAMProtector - ok
19:35:47.0805 5988 MBAMSwissArmy - ok
19:35:47.0854 5988 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:35:47.0861 5988 megasas - ok
19:35:47.0888 5988 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:35:47.0909 5988 Modem - ok
19:35:47.0934 5988 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:35:47.0965 5988 monitor - ok
19:35:47.0989 5988 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:35:47.0998 5988 mouclass - ok
19:35:48.0021 5988 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:35:48.0063 5988 mouhid - ok
19:35:48.0088 5988 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:35:48.0096 5988 MountMgr - ok
19:35:48.0141 5988 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:35:48.0152 5988 mpio - ok
19:35:48.0178 5988 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:35:48.0209 5988 mpsdrv - ok
19:35:48.0254 5988 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:35:48.0263 5988 Mraid35x - ok
19:35:48.0308 5988 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:35:48.0364 5988 MRxDAV - ok
19:35:48.0391 5988 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:48.0425 5988 mrxsmb - ok
19:35:48.0455 5988 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:48.0476 5988 mrxsmb10 - ok
19:35:48.0502 5988 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:48.0538 5988 mrxsmb20 - ok
19:35:48.0586 5988 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:35:48.0597 5988 msahci - ok
19:35:48.0701 5988 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:35:48.0715 5988 msdsm - ok
19:35:48.0749 5988 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:35:48.0820 5988 Msfs - ok
19:35:48.0844 5988 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:35:48.0857 5988 msisadrv - ok
19:35:49.0035 5988 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:35:49.0076 5988 MSKSSRV - ok
19:35:49.0128 5988 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:49.0189 5988 MSPCLOCK - ok
19:35:49.0246 5988 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:35:49.0299 5988 MSPQM - ok
19:35:49.0329 5988 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:35:49.0355 5988 MsRPC - ok
19:35:49.0384 5988 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:35:49.0400 5988 mssmbios - ok
19:35:49.0470 5988 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:35:49.0532 5988 MSTEE - ok
19:35:49.0559 5988 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:35:49.0577 5988 Mup - ok
19:35:49.0612 5988 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:35:49.0655 5988 NativeWifiP - ok
19:35:49.0704 5988 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:35:49.0738 5988 NDIS - ok
19:35:49.0765 5988 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:49.0805 5988 NdisTapi - ok
19:35:49.0831 5988 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:49.0888 5988 Ndisuio - ok
19:35:49.0917 5988 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:49.0962 5988 NdisWan - ok
19:35:49.0989 5988 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:35:50.0025 5988 NDProxy - ok
19:35:50.0051 5988 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:35:50.0130 5988 NetBIOS - ok
19:35:50.0162 5988 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:35:50.0202 5988 netbt - ok
19:35:50.0319 5988 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
19:35:50.0430 5988 NETw4v32 - ok
19:35:50.0475 5988 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:35:50.0491 5988 nfrd960 - ok
19:35:50.0528 5988 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:35:50.0562 5988 Npfs - ok
19:35:50.0590 5988 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:35:50.0651 5988 nsiproxy - ok
19:35:50.0736 5988 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:35:50.0870 5988 Ntfs - ok
19:35:50.0951 5988 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:35:50.0988 5988 ntrigdigi - ok
19:35:51.0015 5988 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
19:35:51.0023 5988 NuidFltr - ok
19:35:51.0046 5988 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:35:51.0068 5988 Null - ok
19:35:51.0403 5988 nvlddmkm (2713392707e515efb671751fa767ebd2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:35:52.0325 5988 nvlddmkm - ok
19:35:52.0357 5988 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:35:52.0376 5988 nvraid - ok
19:35:52.0448 5988 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
19:35:52.0468 5988 nvrd32 - ok
19:35:52.0503 5988 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:35:52.0520 5988 nvstor - ok
19:35:52.0565 5988 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
19:35:52.0582 5988 nvstor32 - ok
19:35:52.0625 5988 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:35:52.0644 5988 nv_agp - ok
19:35:52.0670 5988 NwlnkFlt - ok
19:35:52.0696 5988 NwlnkFwd - ok
19:35:52.0732 5988 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:35:52.0765 5988 ohci1394 - ok
19:35:52.0817 5988 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:35:52.0907 5988 Parport - ok
19:35:52.0974 5988 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:35:52.0992 5988 partmgr - ok
19:35:53.0033 5988 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:35:53.0120 5988 Parvdm - ok
19:35:53.0153 5988 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:35:53.0180 5988 pci - ok
19:35:53.0223 5988 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
19:35:53.0238 5988 pciide - ok
19:35:53.0286 5988 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:35:53.0307 5988 pcmcia - ok
19:35:53.0363 5988 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:35:53.0563 5988 PEAUTH - ok
19:35:53.0618 5988 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:35:53.0641 5988 PptpMiniport - ok
19:35:53.0702 5988 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:35:53.0751 5988 Processor - ok
19:35:53.0782 5988 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:35:53.0820 5988 PSched - ok
19:35:53.0905 5988 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:35:53.0976 5988 ql2300 - ok
19:35:54.0018 5988 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:35:54.0029 5988 ql40xx - ok
19:35:54.0078 5988 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:35:54.0129 5988 QWAVEdrv - ok
19:35:54.0153 5988 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:35:54.0196 5988 RasAcd - ok
19:35:54.0223 5988 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:54.0267 5988 Rasl2tp - ok
19:35:54.0295 5988 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:54.0317 5988 RasPppoe - ok
19:35:54.0342 5988 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:35:54.0377 5988 RasSstp - ok
19:35:54.0407 5988 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:35:54.0448 5988 rdbss - ok
19:35:54.0472 5988 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:54.0511 5988 RDPCDD - ok
19:35:54.0560 5988 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:35:54.0613 5988 rdpdr - ok
19:35:54.0640 5988 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:35:54.0671 5988 RDPENCDD - ok
19:35:54.0725 5988 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:35:54.0779 5988 RDPWD - ok
19:35:54.0813 5988 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
19:35:54.0864 5988 RFCOMM - ok
19:35:54.0897 5988 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:35:54.0938 5988 rspndr - ok
19:35:54.0968 5988 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:35:55.0005 5988 RTL8169 - ok
19:35:55.0052 5988 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:35:55.0070 5988 sbp2port - ok
19:35:55.0107 5988 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:35:55.0188 5988 secdrv - ok
19:35:55.0226 5988 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:35:55.0319 5988 Serenum - ok
19:35:55.0361 5988 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:35:55.0446 5988 Serial - ok
19:35:55.0485 5988 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:35:55.0525 5988 sermouse - ok
19:35:55.0577 5988 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:35:55.0668 5988 sffdisk - ok
19:35:55.0711 5988 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:35:55.0801 5988 sffp_mmc - ok
19:35:55.0838 5988 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:35:55.0909 5988 sffp_sd - ok
19:35:55.0949 5988 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:35:56.0029 5988 sfloppy - ok
19:35:56.0068 5988 Si3531 (8613e8fe6c190f377240a3989fad5d5e) C:\Windows\system32\DRIVERS\Si3531.sys
19:35:56.0088 5988 Si3531 - ok
19:35:56.0115 5988 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\Windows\system32\DRIVERS\SiWinAcc.sys
19:35:56.0150 5988 SiFilter - ok
19:35:56.0176 5988 SiRemFil (41a59f484188be629087ba391ff60d74) C:\Windows\system32\DRIVERS\SiRemFil.sys
19:35:56.0230 5988 SiRemFil - ok
19:35:56.0272 5988 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:35:56.0288 5988 sisagp - ok
19:35:56.0329 5988 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:35:56.0353 5988 SiSRaid2 - ok
19:35:56.0403 5988 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:35:56.0430 5988 SiSRaid4 - ok
19:35:56.0472 5988 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:35:56.0536 5988 Smb - ok
19:35:56.0603 5988 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
19:35:56.0681 5988 smserial - ok
19:35:56.0727 5988 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:35:56.0752 5988 spldr - ok
19:35:56.0800 5988 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:35:56.0849 5988 srv - ok
19:35:56.0884 5988 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:35:56.0962 5988 srv2 - ok
19:35:56.0995 5988 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:35:57.0051 5988 srvnet - ok
19:35:57.0086 5988 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:35:57.0108 5988 ssmdrv - ok
19:35:57.0147 5988 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:35:57.0171 5988 swenum - ok
19:35:57.0229 5988 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:35:57.0254 5988 Symc8xx - ok
19:35:57.0292 5988 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:35:57.0316 5988 Sym_hi - ok
19:35:57.0362 5988 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:35:57.0386 5988 Sym_u3 - ok
19:35:57.0467 5988 tbhsd (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys
19:35:57.0491 5988 tbhsd - ok
19:35:57.0565 5988 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
19:35:57.0721 5988 Tcpip - ok
19:35:57.0787 5988 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
19:35:57.0882 5988 Tcpip6 - ok
19:35:57.0906 5988 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:35:57.0960 5988 tcpipreg - ok
19:35:58.0011 5988 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:35:58.0050 5988 TDPIPE - ok
19:35:58.0095 5988 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:35:58.0130 5988 TDTCP - ok
19:35:58.0156 5988 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:35:58.0188 5988 tdx - ok
19:35:58.0213 5988 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:35:58.0225 5988 TermDD - ok
19:35:58.0265 5988 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:58.0293 5988 tssecsrv - ok
19:35:58.0319 5988 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:35:58.0356 5988 tunmp - ok
19:35:58.0381 5988 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:35:58.0412 5988 tunnel - ok
19:35:58.0454 5988 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:35:58.0464 5988 uagp35 - ok
19:35:58.0495 5988 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:35:58.0537 5988 udfs - ok
19:35:58.0589 5988 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:35:58.0600 5988 uliagpkx - ok
19:35:58.0641 5988 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:35:58.0661 5988 uliahci - ok
19:35:58.0720 5988 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:35:58.0730 5988 UlSata - ok
19:35:58.0772 5988 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:35:58.0784 5988 ulsata2 - ok
19:35:58.0809 5988 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:35:58.0841 5988 umbus - ok
19:35:58.0882 5988 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
19:35:58.0933 5988 UMPass - ok
19:35:58.0964 5988 usbbus - ok
19:35:59.0004 5988 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
19:35:59.0087 5988 usbccgp - ok
19:35:59.0133 5988 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:35:59.0201 5988 usbcir - ok
19:35:59.0226 5988 UsbDiag - ok
19:35:59.0258 5988 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:35:59.0304 5988 usbehci - ok
19:35:59.0336 5988 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:35:59.0381 5988 usbhub - ok
19:35:59.0407 5988 USBModem - ok
19:35:59.0458 5988 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:35:59.0575 5988 usbohci - ok
19:35:59.0611 5988 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:35:59.0647 5988 usbprint - ok
19:35:59.0710 5988 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:59.0727 5988 USBSTOR - ok
19:35:59.0751 5988 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:35:59.0769 5988 usbuhci - ok
19:35:59.0825 5988 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:59.0845 5988 vga - ok
19:35:59.0870 5988 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:35:59.0901 5988 VgaSave - ok
19:35:59.0943 5988 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:35:59.0952 5988 viaagp - ok
19:35:59.0991 5988 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:36:00.0035 5988 ViaC7 - ok
19:36:00.0068 5988 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:36:00.0076 5988 viaide - ok
19:36:00.0142 5988 viamraid (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
19:36:00.0161 5988 viamraid - ok
19:36:00.0186 5988 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:36:00.0196 5988 volmgr - ok
19:36:00.0229 5988 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:36:00.0251 5988 volmgrx - ok
19:36:00.0370 5988 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:36:00.0390 5988 volsnap - ok
19:36:00.0418 5988 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:36:00.0431 5988 vsmraid - ok
19:36:00.0485 5988 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:36:00.0538 5988 WacomPen - ok
19:36:00.0564 5988 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:00.0610 5988 Wanarp - ok
19:36:00.0616 5988 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:36:00.0640 5988 Wanarpv6 - ok
19:36:00.0687 5988 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:36:00.0699 5988 Wd - ok
19:36:00.0758 5988 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:36:00.0795 5988 Wdf01000 - ok
19:36:00.0856 5988 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:36:00.0895 5988 WmiAcpi - ok
19:36:00.0966 5988 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:36:00.0997 5988 ws2ifsl - ok
19:36:01.0080 5988 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:01.0137 5988 WUDFRd - ok
19:36:01.0171 5988 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:36:01.0286 5988 \Device\Harddisk0\DR0 - ok
19:36:01.0289 5988 Boot (0x1200) (caafb8bdb5bd7e10837e378e9b73bd06) \Device\Harddisk0\DR0\Partition0
19:36:01.0292 5988 \Device\Harddisk0\DR0\Partition0 - ok
19:36:01.0296 5988 Boot (0x1200) (aa40cf35131a738da08caeedb6af1ff4) \Device\Harddisk0\DR0\Partition1
19:36:01.0297 5988 \Device\Harddisk0\DR0\Partition1 - ok
19:36:01.0298 5988 ============================================================
19:36:01.0298 5988 Scan finished
19:36:01.0299 5988 ============================================================
19:36:01.0313 6076 Detected object count: 0
19:36:01.0313 6076 Actual detected object count: 0

04.11.2011, 18:50   #13
DennisS

Hello Arne,
I have one more question.
As you may have noticed, I am rather a layman in this field. Is there also a risk of infection for my flatmate, who is on the same Wi-Fi network?
Regards, Dennis

04.11.2011, 19:22   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Is there also a risk of infection for my flatmate, who is on the same Wi-Fi network?
Yes, there always is, but it cannot be expressed as a percentage.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

04.11.2011, 19:43   #15
DennisS

Combofix logfile:
Code:
ComboFix 11-11-04.04 - Dennis Schmid 04.11.2011  20:32:47.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1047 [GMT 1:00]
ausgeführt von:: c:\users\Dennis Schmid\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-04 bis 2011-11-04  ))))))))))))))))))))))))))))))
.
.
2011-11-04 18:38 . 2011-11-04 18:38	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DBD62A8-1805-4F10-B45F-90FA71EB7742}\offreg.dll
2011-11-04 18:37 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DBD62A8-1805-4F10-B45F-90FA71EB7742}\mpengine.dll
2011-11-03 20:54 . 2011-11-03 20:54	--------	d-----w-	C:\_OTL
2011-11-03 17:26 . 2011-11-03 17:26	--------	d-----w-	c:\program files\ESET
2011-11-01 16:09 . 2011-11-01 16:09	--------	d-----w-	c:\users\Dennis Schmid\AppData\Roaming\Malwarebytes
2011-11-01 16:09 . 2011-11-01 16:09	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-01 16:09 . 2011-11-01 16:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-11-01 16:09 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-31 17:20 . 2011-10-31 17:20	--------	d-----w-	c:\users\Dennis Schmid\AppData\Local\Proxure
2011-10-31 17:20 . 2011-10-31 17:20	--------	d-----w-	c:\programdata\ClubSanDisk
2011-10-21 13:22 . 2011-10-21 13:22	--------	d-----w-	c:\users\Dennis Schmid\AppData\Roaming\Avira
2011-10-21 13:21 . 2011-10-22 06:39	--------	d-----w-	c:\programdata\Avira
2011-10-21 13:21 . 2011-10-21 13:21	--------	d-----w-	c:\program files\Avira
2011-10-21 13:21 . 2011-10-11 13:00	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-21 13:21 . 2011-10-11 13:00	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-21 13:21 . 2011-10-11 13:00	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-14 23:27 . 2011-09-01 02:41	141088	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2011-10-14 23:27 . 2011-09-01 02:22	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-14 23:27 . 2011-09-01 02:26	194048	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2011-10-14 23:27 . 2011-09-01 02:28	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-10-14 23:26 . 2011-09-01 02:35	1798144	----a-w-	c:\windows\system32\jscript9.dll
2011-10-14 23:26 . 2011-09-01 02:30	678912	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2011-10-14 22:03 . 2011-10-14 22:03	--------	d-----w-	c:\program files\PhotoScape
2011-10-14 11:24 . 2011-07-29 16:01	293376	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-14 11:24 . 2011-07-29 16:01	217088	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-14 11:24 . 2011-07-29 16:00	57856	----a-w-	c:\windows\system32\MSDvbNP.ax
2011-10-14 11:24 . 2011-07-29 16:00	69632	----a-w-	c:\windows\system32\Mpeg2Data.ax
2011-10-14 11:24 . 2011-09-06 13:30	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-10-14 11:24 . 2011-09-14 10:51	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-10-14 11:24 . 2011-08-25 16:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-10-14 11:24 . 2011-08-25 16:14	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-14 11:24 . 2011-08-25 16:14	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-10-14 11:24 . 2011-08-25 13:31	4096	----a-w-	c:\windows\system32\oleaccrc.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-12 15:20 . 2011-05-17 08:34	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-24 7289376]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-03 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-03 33048]
"recinfo450"="c:\recinfo\RecInfo.exe" [2007-09-14 2768896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-24 1833504]
"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-07-10 557056]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-01 13797992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Dennis Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Inhaltsverzeichnis.onetoc2 [2007-12-24 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 iaNvStor;Intel(R) Turbo Memory  Technology NAND Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2007-05-03 208896]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-01-30 210224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-04-04 46592]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 27753006
*NewlyCreated* - 59776506
*Deregistered* - 27753006
*Deregistered* - 59776506
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
2009-03-04 15:32	8192	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: &Winamp Toolbar Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Dennis Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\1sxjnydl.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-04 20:38
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-11-04  20:40:39
ComboFix-quarantined-files.txt  2011-11-04 19:40
.
Vor Suchlauf: 21 Verzeichnis(se), 84.326.490.112 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 83.968.622.592 Bytes frei
.
- - End Of File - - 110F39470B130BA45EE8CAD33AA30F84
         
--- --- ---
