Pests of all kinds and how to fight them: Data on removable media is now only shortcuts that point to *.exe

26.11.2012, 12:03   #1
M4rc31
 
Hello everyone,

I have the following problem: my girlfriend apparently picked up a nice virus on a trip to South Africa, which of course immediately spread to my system as well:
As soon as I connect a removable drive, the files are turned into shortcuts and the "real" folders are hidden.

Since I had no time to deal with it, I did nothing at first; now, however, the hidden folders on my external hard drive have disappeared completely and the shortcuts point to "abe1d340.exe".

I therefore ran a full scan with Dr.WebIT. It detected this exe file as Trojan Siggen 2 on all affected removable drives and of course on the computer itself. It also flagged a vzaiad.exe as malicious.

Unfortunately, Dr.WebIT cannot delete these trojans, so the problem still persists.
I would completely format the computer anyway, but my external hard drive holds important data that I have not stored anywhere else, so I would like to rescue it without infecting any further systems.

Thanks in advance for your help.

M4rc31

27.11.2012, 11:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Quote:
Since I had no time to deal with it, I did nothing at first; now, however, the hidden folders on my external hard drive have disappeared completely and the shortcuts point to "abe1d340.exe"
First, make all files visible => http://www.trojaner-board.de/59624-a...-sichtbar.html
After that, all folders should be displayed again - semi-transparent, since they still carry the "hidden" and "system" attributes.

Then start the Command Prompt via Start, All Programs, Accessories.

You have to run this command in the Command Prompt once for each hidden folder:

Code:
attrib -s -h "x:\ordner" /s /d

x: => must be adjusted; use the appropriate drive letter
"ordner" must then be the correct folder name in each case
__________________
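The per-folder attrib step from the reply above, run as a loop, together with a read-only listing of what the shortcuts in the drive root point to. This is an added PowerShell example, not part of cosinus's post; the script file name, the parameter names and the skip list of standard Windows folders are assumptions of the example.

```powershell
# Added example, not from the thread. Hypothetical file name: Check-RemovableDrive.ps1
# Usage:  .\Check-RemovableDrive.ps1 -Drive X:            (report only)
#         .\Check-RemovableDrive.ps1 -Drive X: -Unhide    (also clear the attributes)
# Nothing here opens or runs a shortcut or an executable.
param(
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z]:$')]
    [string]$Drive,      # drive letter of the affected removable drive, e.g. X:
    [switch]$Unhide      # clear Hidden+System on the folders that were found
)

$root = "$Drive\"

# These two are hidden+system on a healthy volume as well, so they are left alone
# (assumption of this example: standard Windows folder names).
$skip = 'System Volume Information', '$RECYCLE.BIN'

# 1. Top-level folders carrying BOTH Hidden and System, the state the reply describes.
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$hiddenDirs = @(Get-ChildItem -LiteralPath $root -Force |
    Where-Object { $_.PSIsContainer -and ($skip -notcontains $_.Name) -and
                   (($_.Attributes -band $mask) -eq $mask) })
$hiddenNames = @($hiddenDirs | ForEach-Object { $_.Name })

# 2. Shortcuts in the drive root: read target and arguments without launching anything.
$shell = New-Object -ComObject WScript.Shell
$links = @(Get-ChildItem -LiteralPath $root -Force -Filter *.lnk |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object {
        $lnk  = $shell.CreateShortcut($_.FullName)   # loads the .lnk for reading only
        $base = [IO.Path]::GetFileNameWithoutExtension($_.Name)
        New-Object PSObject -Property @{
            Shortcut            = $_.Name
            Target              = $lnk.TargetPath
            Arguments           = $lnk.Arguments
            # True if the target or its arguments name an .exe (e.g. abe1d340.exe)
            ReferencesExe       = ("$($lnk.TargetPath) $($lnk.Arguments)" -match '\.exe\b')
            # True if the shortcut has the same name as one of the hidden folders
            ShadowsHiddenFolder = ($hiddenNames -contains $base)
        }
    })

# 3. Executables sitting in the drive root, hidden ones included.
$exes = @(Get-ChildItem -LiteralPath $root -Force -Filter *.exe |
    Where-Object { -not $_.PSIsContainer })

Write-Host "Hidden+System folders on ${root}:"
$hiddenDirs | Select-Object Name, Attributes | Format-Table -AutoSize | Out-Host

Write-Host "Shortcuts in the drive root:"
$links | Select-Object Shortcut, Target, Arguments, ReferencesExe, ShadowsHiddenFolder |
    Format-Table -AutoSize | Out-Host

Write-Host "Executables in the drive root (leave removal to the scanner):"
$exes | Select-Object Name, Length, LastWriteTime, Attributes | Format-Table -AutoSize | Out-Host

if ($Unhide) {
    foreach ($dir in $hiddenDirs) {
        # Same command as in the reply, applied to each folder in turn.
        & attrib.exe -s -h $dir.FullName /s /d
    }
    Write-Host ("Cleared Hidden/System on {0} folder(s)." -f $hiddenDirs.Count)
}
```

Run it once without -Unhide to review the report, then again with -Unhide; the shortcuts and executables it lists are only reported, not deleted.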


28.11.2012, 12:37   #3
M4rc31
 
Hello cosinus,

thank you very much for your answer!
I have now done everything you wrote, and it all works perfectly.
However, that means the virus is still on the hard drive and I would infect every PC with it as soon as I plug in the HDD?

I went through the steps that are supposed to be done when creating a thread. Here are the log files.

OTL:
OTL Logfile:
Code:
OTL logfile created on: 26.11.2012 19:30:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 63,05% Memory free
5,85 Gb Paging File | 4,62 Gb Available in Paging File | 78,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 158,22 Gb Free Space | 53,08% Space Free | Partition Type: NTFS
Drive F: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FUJITSU | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.26 19:30:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\OTL.exe
PRC - [2012.10.28 20:38:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 19:26:23 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.07 19:26:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.07 19:26:13 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.07 19:26:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.06 12:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012.08.27 05:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.08.20 18:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.23 15:55:44 | 007,351,760 | ---- | M] (QIP) -- C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\qip.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.11.01 16:04:50 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.01 16:04:44 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.26 01:44:56 | 000,036,864 | ---- | M] (Dassault Systemes) -- C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
PRC - [2006.07.12 16:43:28 | 000,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.28 20:38:09 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.03.23 15:56:04 | 000,957,392 | ---- | M] () -- C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Protos\Social\Social.dll
MOD - [2012.03.23 15:56:00 | 001,641,936 | ---- | M] () -- C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Protos\MRA\MRA.dll
MOD - [2012.03.23 15:56:00 | 000,049,104 | ---- | M] () -- C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Protos\MRA\pics.dll
MOD - [2012.03.23 15:55:56 | 002,524,112 | ---- | M] () -- C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Protos\InfICQ\InfICQ.dll
MOD - [2012.03.23 15:55:54 | 000,130,000 | ---- | M] () -- C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Plugins\Win7Helper\Win7Helper.dll
MOD - [2012.01.10 20:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.28 20:38:09 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 19:26:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.07 19:26:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.11.01 16:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.01 16:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.26 01:44:56 | 000,036,864 | ---- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.09.22 13:55:44 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.09.07 19:26:23 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.07 19:26:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.07 19:26:23 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.06 11:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.11.01 16:04:44 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2007.04.24 17:52:10 | 000,016,688 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2006.11.01 18:59:24 | 000,005,632 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2006.11.01 18:20:28 | 000,005,888 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fuj02b1.sys -- (FUJ02B1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 5F 0D 04 45 BF CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 20:38:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 20:38:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.09.21 12:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.11.24 13:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tult9ajn.default\extensions
[2012.11.24 13:45:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\tult9ajn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.28 20:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.10.28 20:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.28 20:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.28 20:38:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKCU..\Run: [Infium] C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\qip.exe (QIP)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{185516C8-46DF-471B-B15F-2003CFC09F12}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27514C3B-0225-4693-A3BC-4675FCE0D094}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.15 20:39:51 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{015be092-03d5-11e2-a745-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{015be092-03d5-11e2-a745-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O33 - MountPoints2\{015be092-03d5-11e2-a745-806e6f6e6963}\Shell\option1\command - "" = D:\deskupdate\DeskUpdate.exe
O33 - MountPoints2\{015be092-03d5-11e2-a745-806e6f6e6963}\Shell\support\command - "" = D:\deskupdate\support.bat
O33 - MountPoints2\{a447bcc9-049f-11e2-b903-e0ca94afd7d9}\Shell - "" = AutoRun
O33 - MountPoints2\{a447bcc9-049f-11e2-b903-e0ca94afd7d9}\Shell\AutoRun\command - "" = F:\sources\sperr32.exe -- [2009.07.15 20:39:51 | 000,123,472 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.17 16:50:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.17 16:46:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\x-formation
[2012.11.17 16:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\x-formation
[2012.11.17 16:46:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\altair
[2012.11.17 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Altair
[2012.11.13 14:37:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\uni
[2012.11.10 12:18:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.07 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Peter der Assi
[2012.11.02 23:42:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Diagnostics
[2012.10.29 21:45:31 | 000,000,000 | ---D | C] -- C:\Swsetup
[2012.10.28 20:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.26 19:29:52 | 000,000,156 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.11.26 19:26:52 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 19:26:52 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 19:19:42 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job
[2012.11.26 19:19:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 19:19:17 | 2356,584,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 13:02:14 | 000,000,806 | ---- | M] () -- C:\Users\Admin\Desktop\DrWeb.csv
[2012.11.26 12:05:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2066243063-1105699576-1169010081-1000UA.job
[2012.11.25 11:44:01 | 000,003,584 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.24 15:05:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2066243063-1105699576-1169010081-1000Core.job
[2012.11.17 17:12:33 | 000,305,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.17 16:53:45 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.17 16:53:45 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.17 16:53:45 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.17 16:53:45 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.17 16:51:32 | 000,002,603 | ---- | M] () -- C:\Users\Admin\Documents\command.cmf
[2012.11.12 14:00:49 | 000,017,558 | ---- | M] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_10-11-2012_0301.pdf
[2012.11.12 11:57:27 | 000,238,928 | ---- | M] () -- C:\Users\Admin\Desktop\fotobuch.jpg
[2012.11.10 17:40:38 | 001,001,282 | ---- | M] () -- C:\Users\Admin\Desktop\e3.png
[2012.11.10 12:18:08 | 371,964,956 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.08 16:57:40 | 000,002,752 | ---- | M] () -- C:\Users\Admin\Desktop\porsche-schriftzug_274x21px.jpg
[2012.11.08 16:49:07 | 000,028,439 | ---- | M] () -- C:\Users\Admin\Desktop\GT.jpg
[2012.11.08 14:39:27 | 000,015,743 | ---- | M] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_13-10-2012_0953-1.pdf
[2012.11.03 22:38:09 | 000,034,901 | ---- | M] () -- C:\Users\Admin\Desktop\Konto_502656-Auszug_2012_010.pdf.pdf
[2012.11.03 17:57:46 | 000,023,030 | ---- | M] () -- C:\Users\Admin\Desktop\Finanzreport_Nr.09_vom_01.11.2012064305-1.pdf
[2012.11.03 12:25:07 | 000,034,620 | ---- | M] () -- C:\Users\Admin\Desktop\Kontoauszug_63218003__Nr.010_vom_01.11.2012_20121103122452.pdf
[2012.11.03 12:24:46 | 000,028,545 | ---- | M] () -- C:\Users\Admin\Desktop\Kontoauszug_63218607__Nr.010_vom_01.11.2012_20121103122430.pdf
[2012.10.29 23:10:21 | 000,086,924 | ---- | M] () -- C:\Users\Admin\Desktop\81X0gYpIPPL._AA1500_.jpg
[2012.10.29 18:18:41 | 000,094,255 | ---- | M] () -- C:\Users\Admin\Desktop\Klettern.jpg
 
========== Files Created - No Company Name ==========
 
[2012.11.26 19:29:51 | 000,000,156 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.11.25 11:44:01 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.17 16:48:10 | 000,002,603 | ---- | C] () -- C:\Users\Admin\Documents\command.cmf
[2012.11.17 16:44:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 16:44:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.16 18:30:40 | 000,000,806 | ---- | C] () -- C:\Users\Admin\Desktop\DrWeb.csv
[2012.11.12 14:00:49 | 000,017,558 | ---- | C] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_10-11-2012_0301.pdf
[2012.11.12 11:57:27 | 000,238,928 | ---- | C] () -- C:\Users\Admin\Desktop\fotobuch.jpg
[2012.11.10 17:40:37 | 001,001,282 | ---- | C] () -- C:\Users\Admin\Desktop\e3.png
[2012.11.10 12:18:08 | 371,964,956 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.08 16:57:40 | 000,002,752 | ---- | C] () -- C:\Users\Admin\Desktop\porsche-schriftzug_274x21px.jpg
[2012.11.08 16:49:07 | 000,028,439 | ---- | C] () -- C:\Users\Admin\Desktop\GT.jpg
[2012.11.08 14:39:27 | 000,015,743 | ---- | C] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_13-10-2012_0953-1.pdf
[2012.11.03 22:38:09 | 000,034,901 | ---- | C] () -- C:\Users\Admin\Desktop\Konto_502656-Auszug_2012_010.pdf.pdf
[2012.11.03 17:57:46 | 000,023,030 | ---- | C] () -- C:\Users\Admin\Desktop\Finanzreport_Nr.09_vom_01.11.2012064305-1.pdf
[2012.11.03 12:25:07 | 000,034,620 | ---- | C] () -- C:\Users\Admin\Desktop\Kontoauszug_63218003__Nr.010_vom_01.11.2012_20121103122452.pdf
[2012.11.03 12:24:45 | 000,028,545 | ---- | C] () -- C:\Users\Admin\Desktop\Kontoauszug_63218607__Nr.010_vom_01.11.2012_20121103122430.pdf
[2012.10.29 23:10:21 | 000,086,924 | ---- | C] () -- C:\Users\Admin\Desktop\81X0gYpIPPL._AA1500_.jpg
[2012.10.29 18:18:41 | 000,094,255 | ---- | C] () -- C:\Users\Admin\Desktop\Klettern.jpg
[2012.09.22 19:35:54 | 000,016,975 | ---- | C] () -- C:\Users\Admin\candy.jpg
[2012.09.22 14:25:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.22 14:05:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.09.21 11:53:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.01.10 21:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 21:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 21:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 20:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 20:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.10 20:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.28 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2012.09.22 13:59:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.09.23 09:51:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DassaultSystemes
[2012.11.26 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Dropbox
[2012.09.21 13:54:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012.09.21 14:37:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\jeak.de
[2012.09.21 14:02:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\QIP
[2012.09.23 16:19:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2012.11.17 16:46:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\x-formation
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 26.11.2012 19:30:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 63,05% Memory free
5,85 Gb Paging File | 4,62 Gb Available in Paging File | 78,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 158,22 Gb Free Space | 53,08% Space Free | Partition Type: NTFS
Drive F: | 2,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FUJITSU | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CCA81ED-7F38-4219-9B45-50ABBFA4A987}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E031089-1F23-4B30-8BE9-A12514B812C0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1AB6F99F-B55A-4EF7-A820-B25020303EC5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{20071828-4703-40D1-9FA4-A6D2E117BABE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2659FDA5-DD56-49FF-B58F-9A03C3E4A5A9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3A2AAA46-E1F0-4EE4-A578-0B19DBBC2819}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E1B4502-6FA0-463B-9252-0C0D3505987E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43F50730-C456-4135-98A0-FDED2ACEB48F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51AE98EF-6B3A-42C5-A016-D8A04BA91E77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{64D3804C-1094-41C5-8CB6-9AC530782EBC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{67AE0AF0-9DEC-4E61-89E9-4B8A82298AB2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75159396-C8B9-426F-8FF0-F010F0FEB800}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{75A787EC-D187-4480-8B6C-30C722673A3C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7D61E6DC-F70A-4643-95B8-4862878337BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86C0F8B4-B1B9-4528-84E9-7588E596BAB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9EA49F75-3506-45AF-9B20-56FEF572BCDD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB96E35D-4E80-4B48-B53E-EA3248EA4EF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ADBB765B-542B-4418-A79E-83AB89457C77}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B2FC5747-9912-4CBF-8D58-10776E5C586C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BF3A242A-E0DE-47D5-A546-C09D0D41A61F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D4DDA857-9104-434F-9667-3D3622F90992}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DB1A60ED-4766-4841-A09E-7C65ECF09AD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC6FD45C-9E27-49DA-B5BB-E9B7CB279DF2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E356F9AE-55EE-4FB0-A3D2-4E8BFCBE31DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC9914E1-538F-438A-A354-51D5A42B801D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{F3A00202-41C2-4C6D-8975-A021D11937FE}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05669E49-4C38-4F20-8772-BE3F96267D36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CB681E8-D7F2-4C36-A6E6-6DCE73A3AB16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E438CD4-6177-4041-BC7D-427C95460D7F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{10A3AAAF-DE10-49A5-9C03-AB9D8ED3B1CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{24EAECE1-D8BA-4970-B353-22234D3FEF39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2AADFBFD-5F03-4EEA-8895-5FB93F7BF0E7}" = dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | 
"{46CB2368-F55A-4A3C-8885-A5A5AEE591BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{60673D87-8578-4825-B971-4945A7A3B55C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{72143582-5766-41C2-9AE5-EFBDA9419D83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BCF1BAA-B0DD-4718-9668-A32C66DACBC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9404C740-8056-4FF7-8F95-DE6120728CFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{998B6097-B41C-4D0E-ADE3-1A7BA55E3FF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC1263D2-E9E3-4874-B8C4-C47978F33ABD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AFD2EFE8-627E-443F-BAB9-0FE0E22E8BB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBDDF7D4-5A5C-4F37-94E4-2CD87B6DD9ED}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C79F760F-9162-4C2A-AAB5-B28F8AFCD85D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D419DA42-FE29-4355-89F6-97D0BC3CF95B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D489FC88-EF72-4EE0-AFE9-1FE6CECC70C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E5E6F58F-E0C8-42CB-91A6-493458ECFDFD}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E84604DF-857F-4F8A-8FFE-5AB654C9008C}" = protocol=6 | dir=out | app=system | 
"TCP Query User{05943D45-F61D-4614-A509-D62CA01B90F0}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | 
"TCP Query User{784970EC-4841-46D2-93B0-DE6C800E8C02}C:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe | 
"TCP Query User{7A2C674B-9314-4530-A64D-DB2699BCF4AE}C:\spiele\blobby volley\volley.exe" = protocol=6 | dir=in | app=c:\spiele\blobby volley\volley.exe | 
"TCP Query User{AE2842A7-0654-473F-AF05-4E4A7C86A897}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0410531C-413C-4A7B-B809-FAE5515C83B1}C:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe | 
"UDP Query User{49A769DB-8D90-41F8-8D4A-6321551349C4}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6B32386C-0428-4631-ADCD-3C597AA3C2A2}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | 
"UDP Query User{CA215497-3730-4F73-989E-07D730954CC0}C:\spiele\blobby volley\volley.exe" = protocol=17 | dir=in | app=c:\spiele\blobby volley\volley.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2FBC78B6-125F-4E8C-8B18-2D7A3C2FD306}" = QIP 2012 7221 Jeak-Edition
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Altair  HyperWorks  11.0.0.39 (Local 32-bit)" = Altair  HyperWorks  11.0.0.39 (Local 32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dassault Systemes B20_0" = Dassault Systemes Software B20
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"QIP 2012 7221 Jeak-Edition 4.0.7221" = QIP 2012 7221 Jeak-Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.10.2012 13:17:12 | Computer Name = Fujitsu | Source = VSS | ID = 8194
Description = 
 
Error - 29.10.2012 13:18:39 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren
 werden.
 
Error - 29.10.2012 13:21:31 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Microsoft Windows Search Filter Host"
 konnte nicht heruntergefahren werden.
 
Error - 29.10.2012 13:21:36 | Computer Name = Fujitsu | Source = Application Error | ID = 1000
Error - 29.10.2012 13:28:09 | Computer Name = Fujitsu | Source = VSS | ID = 8194
 
Description = 
Error - 29.10.2012 13:29:21 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager
 | ID = 10006
 
Description = Die Anwendung oder der Dienst "Windows Live Mail" konnte nicht heruntergefahren werden.
Error - 29.10.2012 13:29:33 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager
 | ID = 10006
 
Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden.
Error - 05.11.2012 06:12:58 | Computer Name = Fujitsu | Source = Application Hang
 | ID = 1002
 
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1318

Startzeit: 01cdbb394941a220

Endzeit: 37

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 5d6ea3ff-2731-11e2-8ba7-e0ca94afd7d9

Error - 07.11.2012 14:34:48 | Computer Name = Fujitsu | Source = Application Hang
 | ID = 1002
 
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 300

Startzeit: 01cdbd1674bd02da

Endzeit: 5

Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID: bdd29e8a-2909-11e2-87eb-e0ca94afd7d9

Error - 10.11.2012 12:40:19 | Computer Name = Fujitsu | Source = Application Hang
 | ID = 1002
 
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5bc

Startzeit: 01cdbf3736e76fc2

Endzeit: 102

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 4afdac3a-2b55-11e2-ad12-e0ca94afd7d9

Error - 11.11.2012 13:07:58 | Computer Name = Fujitsu | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680, Zeitstempel: 0x50882871
Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680, Zeitstempel: 0x508827d6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00130ef7
ID des fehlerhaften Prozesses: 0x1260
Startzeit der fehlerhaften Anwendung: 0x01cdbffb43599fc4
Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll
Berichtskennung: 56e09248-2c22-11e2-a136-e0ca94afd7d9
 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---


Gmer:
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-26 20:41:25
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0
Running: f57i6c57.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fwldypod.sys


---- System - GMER 1.0.15 ----

SSDT            935C9386                                                                                         ZwCreateSection
SSDT            935C9390                                                                                         ZwRequestWaitReplyPort
SSDT            935C938B                                                                                         ZwSetContextThread
SSDT            935C9395                                                                                         ZwSetSecurityObject
SSDT            935C939A                                                                                         ZwSystemDebugControl
SSDT            935C9327                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82C86A49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82CC04D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82CC762C 4 Bytes  [86, 93, 5C, 93]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82CC7988 4 Bytes  [90, 93, 5C, 93] {NOP ; XCHG EBX, EAX; POP ESP; XCHG EBX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              82CC79CC 4 Bytes  [8B, 93, 5C, 93]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              82CC7A48 4 Bytes  [95, 93, 5C, 93] {XCHG EBP, EAX; XCHG EBX, EAX; POP ESP; XCHG EBX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                              82CC7A9C 4 Bytes  [9A, 93, 5C, 93]
.text           ...                                                                                              
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                              AC8D6000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                              AC8D6123 629 Bytes  [15, 8D, AC, FE, 05, 34, 15, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                              AC8D6399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                              AC8D63FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                              AC8D64AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                              

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004e                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94afd7d9                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94afd7d9 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
--- --- ---
__________________

28.11.2012, 13:07   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


28.11.2012, 15:09   #5
M4rc31
 



Hello Cosinus,

I have installed both programs.
There were problems with aswMBR, which is why I switched to the "none" setting.

I have attached the files, since it is too long for a normal post.

Regards

M4rc31

Attached files
File type: zip Logfiles.zip (39.5 KB, viewed 47 times)

28.11.2012, 15:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.

28.11.2012, 15:52   #7
M4rc31
 



Hello,

I have run that as well; here is the file:

Combofix Logfile:
Code:
ComboFix 12-11-28.02 - Admin 28.11.2012  15:30:06.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2997.1903 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Fujitsu
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_RecordForLog.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_Schema_inheritance_classes_Diagram.jpg
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_Service.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_SettingData.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_System.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\cover.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\index.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\indexframe.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\inherit.gif
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\Intel_ME_defined_Classes_Diagram.jpg
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\IntelLogo.bmp
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\key.gif
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\ME_Event.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\ME_System.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\minus.gif
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\OOB_Service.html
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\plus.gif
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\schema.jpg
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_about.jpg
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_lg.jpg
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_loading.jpg
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_m.jpg
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_s.jpg
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_tiny.jpg
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\ME_Schema.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\MEMofs\AMT_EthernetPortSettings.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\MEMofs\AMT_ProvisioningCertificateHash.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\MEMofs\AMT_Service.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\MEMofs\AMT_SetupAuditRecord.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\MEMofs\ME_Event.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\MEMofs\ME_System.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\MEMofs\OOB_Service.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\register.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\remove.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\removeMEnamespace.bat
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\wmi_build.mof
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\MeProv.dll
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\StatusStrings.dll
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\xerces-c_2_7.dll
c:\programdata\Fujitsu\DeskUpdate\1042961\NAC_PP\IntelAMTPP.dll
c:\programdata\Fujitsu\DeskUpdate\1042961\NAC_PP\IntelAMTPP.inf
c:\programdata\Fujitsu\DeskUpdate\1042961\NAC_PP\Readme.txt
c:\programdata\Fujitsu\DeskUpdate\1042961\readme.txt
c:\programdata\Fujitsu\DeskUpdate\1042961\Setup.exe
c:\programdata\Fujitsu\DeskUpdate\1042961\Setup.if2
c:\programdata\Fujitsu\DeskUpdate\1042961\UNS\DTMessageLib.dll
c:\programdata\Fujitsu\DeskUpdate\1042961\UNS\gSOAP_license.txt
c:\programdata\Fujitsu\DeskUpdate\1042961\UNS\IntelAMTUNS.config
c:\programdata\Fujitsu\DeskUpdate\1042961\UNS\OpenSSL_LICENSE.txt
c:\programdata\Fujitsu\DeskUpdate\1042961\UNS\readme.txt
c:\programdata\Fujitsu\DeskUpdate\1042961\UNS\StatusStrings.dll
c:\programdata\Fujitsu\DeskUpdate\1042961\UNS\UNS.exe
c:\programdata\Fujitsu\DeskUpdate\1042961\UNS\xerces-c_2_7.dll
c:\programdata\Fujitsu\DeskUpdate\1042961\UNS\xerces_LICENSE.txt
c:\programdata\Fujitsu\DeskUpdate\1042961\x64\DIFxAPI.dll
c:\programdata\Fujitsu\DeskUpdate\1042961\x64\Drv64.exe
c:\programdata\Fujitsu\DeskUpdate\1042961\x64\MEcp64.exe
c:\programdata\Fujitsu\DeskUpdate\1043533\dpinst.exe
c:\programdata\Fujitsu\DeskUpdate\1043533\dpinst.xml
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0401ARA.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0404CHT.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0405CSY.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0406DAN.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0407DEU.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0408ELL.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0409ENU.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula040bFIN.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula040cFRA.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula040dHEB.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula040eHUN.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0410ITA.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0411JPN.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0412KOR.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0413NLD.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0414NOR.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0415PLK.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0416PTB.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0419RUS.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula041dSVE.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula041fTRK.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0804CHS.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0816PTG.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\Eula0c0aESP.tx_
c:\programdata\Fujitsu\DeskUpdate\1043533\InstNT.exe
c:\programdata\Fujitsu\DeskUpdate\1043533\setup.exe
c:\programdata\Fujitsu\DeskUpdate\1043533\SynChiralRotate.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynChiralVHScroll.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynCntxt.rtf
c:\programdata\Fujitsu\DeskUpdate\1043533\SynCOM.dll
c:\programdata\Fujitsu\DeskUpdate\1043533\SynCtrl.dll
c:\programdata\Fujitsu\DeskUpdate\1043533\SynFlick.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynISDLL.dll
c:\programdata\Fujitsu\DeskUpdate\1043533\SynLinearVHScroll.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynLogo.ico
c:\programdata\Fujitsu\DeskUpdate\1043533\SynMomentum.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynMood.exe
c:\programdata\Fujitsu\DeskUpdate\1043533\synpd.inf
c:\programdata\Fujitsu\DeskUpdate\1043533\SynPinch.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynPivotRotate_ChiralRotate.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynThreeFingerFlick.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynThreeFingersDown.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTP.bmp
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTP.cat
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTP.sys
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTPAPI.dll
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTPCo4.dll
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTPCOM.dll
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTPCpl.dll
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTPEnh.exe
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTPHelper.exe
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTPRes.dll
c:\programdata\Fujitsu\DeskUpdate\1043533\SynTwoFingerVHScroll.mpg
c:\programdata\Fujitsu\DeskUpdate\1043533\SynUnst.ini
c:\programdata\Fujitsu\DeskUpdate\1043533\SynZMetr.exe
c:\programdata\Fujitsu\DeskUpdate\1043533\Tutorial.exe
c:\programdata\Fujitsu\DeskUpdate\1043533\WdfCoInstaller01009.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\ChCfg.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Config\rtkhdaud.dat
c:\programdata\Fujitsu\DeskUpdate\1043680\data1.cab
c:\programdata\Fujitsu\DeskUpdate\1043680\data1.hdr
c:\programdata\Fujitsu\DeskUpdate\1043680\data2.cab
c:\programdata\Fujitsu\DeskUpdate\1043680\engine32.cab
c:\programdata\Fujitsu\DeskUpdate\1043680\layout.bin
c:\programdata\Fujitsu\DeskUpdate\1043680\RtlExUpd.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Setup.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\setup.ibt
c:\programdata\Fujitsu\DeskUpdate\1043680\setup.ini
c:\programdata\Fujitsu\DeskUpdate\1043680\setup.inx
c:\programdata\Fujitsu\DeskUpdate\1043680\setup.isn
c:\programdata\Fujitsu\DeskUpdate\1043680\setup.iss
c:\programdata\Fujitsu\DeskUpdate\1043680\setup.log
c:\programdata\Fujitsu\DeskUpdate\1043680\USetup.iss
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\AERTACap.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\AERTARen.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\AERTSrv.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\APOPCH.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\FMAPO.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\hda32.cat
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDA861A.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDACPC.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDACR.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDADELL.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDAGW.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDAHPAI1.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDAHPAI2.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDAHPNB.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDALC.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDALC2.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDALC3.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDAPrmAu.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDARt.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDARt9.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDASRSA.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDASRSD.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDASRSD2.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDASRSS.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDATHX.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDATHXD.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDAToshiba.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\HDAXFM.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\MaxxAudioAPO.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\MaxxAudioAPO20.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\MaxxAudioEQ.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\MBAPO32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\mbfilt32.sys
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\MBPPCn32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\MBppld32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\MBTHX32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\MBWrp32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RCORES.dat
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RP3DAA32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RP3DHT32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RTCOMDLL.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RTEED32A.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RTEEG32A.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RTEEL32A.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RTEEP32A.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtHDVBg.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtHDVCpl.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtkAPO.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtkApoApi.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtkAudioService.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtkCfg.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtkCoInst.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtkPgExt.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RTKVHDA.sys
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtlCPAPI.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RtlUpd.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\RTSndMgr.cpl
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SFFXComm.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SFFXDAPO.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SFFXHAPO.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SFFXProc.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SFFXSAPO.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SkyTel.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\slcshp32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\slgeq32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\slh36032.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\slInit32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\slmaxv32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\sltshd32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\sluapo32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SRSHP360.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SRSTSHD.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SRSTSXT.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\SRSWOW.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\vncutil.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista\WavesLib.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\AERTAC64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\AERTAR64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\AERTSr64.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\APOPCH.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\FMAPO64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\GWfilt64.sys
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\hda64.cat
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDX861A.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXCPC.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXCR.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXDELL.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXGW.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXHPAI1.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXHPAI2.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXHPNB.INF
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXLC.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXLC2.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXLC3.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXPrmAu.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXRT.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXRT9.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXSRSA.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXSRSD.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXSRSD2.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXSRSS.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXTHX.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXTHXD.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXToshiba.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\HDXXFM.inf
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\MaxxAudioAPO20.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\MBAPO32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\MBAPO64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\mbfilt64.sys
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\MBPPCn64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\MBppld64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\MBTHX32.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\MBTHX64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\MBWrp64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RAVBg64.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RAVCpl64.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RCoInst64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RCORES64.dat
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RP3DAA64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RP3DHT64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtCOM64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RTCOMDLL.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RTEED64A.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RTEEG64A.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RTEEL64A.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RTEEP64A.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtkApi64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtkAPO64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtkAudioService64.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtkCfg.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtkCfg64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RTKVHD64.sys
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtlCPAPI.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtlCPAPI64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtlUpd64.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RtPgEx64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\RTSnMg64.cpl
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SFComm64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SFDAPO64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SFHAPO64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SFProc64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SFSAPO64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SkyTel.exe
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\slcshp64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\slgeq64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\slh36064.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\slInit64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\slmaxv64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\sltshd64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\sluapo64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SRSHP64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SRSTSH64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SRSTSX64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\SRSWOW64.dll
c:\programdata\Fujitsu\DeskUpdate\1043680\Vista64\vncutil64.exe
c:\programdata\Fujitsu\DeskUpdate\1046743\_Setup.dll
c:\programdata\Fujitsu\DeskUpdate\1046743\athr.sys
c:\programdata\Fujitsu\DeskUpdate\1046743\athrext.cat
c:\programdata\Fujitsu\DeskUpdate\1046743\data1.cab
c:\programdata\Fujitsu\DeskUpdate\1046743\data1.hdr
c:\programdata\Fujitsu\DeskUpdate\1046743\data2.cab
c:\programdata\Fujitsu\DeskUpdate\1046743\default.ath
c:\programdata\Fujitsu\DeskUpdate\1046743\ISSetup.dll
c:\programdata\Fujitsu\DeskUpdate\1046743\layout.bin
c:\programdata\Fujitsu\DeskUpdate\1046743\netathr.inf
c:\programdata\Fujitsu\DeskUpdate\1046743\setup.exe
c:\programdata\Fujitsu\DeskUpdate\1046743\setup.ini
c:\programdata\Fujitsu\DeskUpdate\1046743\setup.inx
c:\programdata\Fujitsu\DeskUpdate\1046743\setup.iss
c:\programdata\Fujitsu\DeskUpdate\1047579\note.txt
c:\programdata\Fujitsu\DeskUpdate\1047579\rt86win7.cat
c:\programdata\Fujitsu\DeskUpdate\1047579\rt86win7.inf
c:\programdata\Fujitsu\DeskUpdate\1047579\rt86win7.sys
c:\programdata\Fujitsu\DeskUpdate\1047579\RtNicprop32.DLL
c:\programdata\Fujitsu\DeskUpdate\1047579\RTNUninst32.dll
c:\programdata\Fujitsu\DeskUpdate\1048245\iaAHCI.cat
c:\programdata\Fujitsu\DeskUpdate\1048245\iaAHCI.inf
c:\programdata\Fujitsu\DeskUpdate\1048245\iaStor.cat
c:\programdata\Fujitsu\DeskUpdate\1048245\iaStor.inf
c:\programdata\Fujitsu\DeskUpdate\1048245\iaStor.sys
c:\programdata\Fujitsu\DeskUpdate\1048245\license.txt
c:\programdata\Fujitsu\DeskUpdate\1048245\readme.txt
c:\programdata\Fujitsu\DeskUpdate\1048245\TXTSETUP.OEM
c:\programdata\Fujitsu\DeskUpdate\DeskUpdate.log.xml
c:\windows\system32\cmd.ico
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-28 bis 2012-11-28  ))))))))))))))))))))))))))))))
.
.
2012-11-28 14:39 . 2012-11-28 14:40	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2012-11-28 14:39 . 2012-11-28 14:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-28 11:18 . 2012-03-14 04:00	84992	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAD.DLL
2012-11-28 11:18 . 2012-03-14 04:00	29184	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAD.DLL
2012-11-28 11:17 . 2012-03-14 04:00	311296	----a-w-	c:\windows\system32\CNMLMAD.DLL
2012-11-17 15:46 . 2012-11-17 15:46	--------	d-----w-	c:\users\Admin\AppData\Roaming\x-formation
2012-11-17 15:46 . 2012-11-17 15:46	--------	d-----w-	c:\programdata\x-formation
2012-11-17 15:46 . 2012-11-17 15:46	--------	d-----w-	c:\users\Admin\AppData\Local\Altair
2012-11-17 15:44 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 15:44 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 15:44 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-11-17 15:44 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 15:44 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 15:44 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-11-17 15:44 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-11-17 15:44 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-11-17 15:44 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-11-17 15:44 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 04:36 . 2012-10-03 16:58	1293680	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-11-16 04:36 . 2012-10-03 16:42	175104	----a-w-	c:\windows\system32\netcorehc.dll
2012-11-16 04:36 . 2012-10-03 16:42	156672	----a-w-	c:\windows\system32\ncsi.dll
2012-11-16 04:36 . 2012-10-03 16:40	499712	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-11-16 04:36 . 2012-10-03 16:42	52224	----a-w-	c:\windows\system32\nlaapi.dll
2012-11-16 04:36 . 2012-10-03 16:42	242176	----a-w-	c:\windows\system32\nlasvc.dll
2012-11-16 04:36 . 2012-10-03 16:42	18944	----a-w-	c:\windows\system32\netevent.dll
2012-11-16 04:36 . 2012-10-03 15:21	35328	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 04:36 . 2012-09-25 22:47	78336	----a-w-	c:\windows\system32\synceng.dll
2012-11-16 04:36 . 2012-10-18 17:59	2345984	----a-w-	c:\windows\system32\win32k.sys
2012-11-16 04:36 . 2012-10-09 17:40	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-11-16 04:36 . 2012-10-09 17:40	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-11-02 22:42 . 2012-11-02 22:42	--------	d-----w-	c:\users\Admin\AppData\Local\Diagnostics
2012-10-29 20:45 . 2012-10-29 20:45	--------	d-----w-	C:\Swsetup
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-12 11:19 . 2012-09-21 10:57	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-12 11:19 . 2012-09-21 10:57	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-24 13:32 . 2012-09-26 08:17	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2012-09-25 10:28	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-09-23 06:25 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-09-22 12:55 . 2012-09-22 12:55	242240	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-21 12:27 . 2012-09-21 12:27	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-09-21 12:27 . 2012-09-21 12:27	161792	----a-w-	c:\windows\system32\msls31.dll
2012-09-21 12:27 . 2012-09-21 12:27	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-09-21 12:27 . 2012-09-21 12:27	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-09-21 12:27 . 2012-09-21 12:27	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-09-21 12:27 . 2012-09-21 12:27	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-09-21 12:27 . 2012-09-21 12:27	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-09-21 12:27 . 2012-09-21 12:27	367104	----a-w-	c:\windows\system32\html.iec
2012-09-21 12:27 . 2012-09-21 12:27	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-09-21 12:27 . 2012-09-21 12:27	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-09-21 12:27 . 2012-09-21 12:27	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-09-21 12:27 . 2012-09-21 12:27	152064	----a-w-	c:\windows\system32\wextract.exe
2012-09-21 12:27 . 2012-09-21 12:27	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-09-21 12:27 . 2012-09-21 12:27	11776	----a-w-	c:\windows\system32\mshta.exe
2012-09-21 12:27 . 2012-09-21 12:27	101888	----a-w-	c:\windows\system32\admparse.dll
2012-09-18 22:59 . 2012-09-21 10:51	6980552	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{49CE042A-A999-4DFC-804E-5AD94470E155}\mpengine.dll
2012-09-14 18:28 . 2012-10-21 16:02	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-07 18:26 . 2012-09-21 11:15	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-09-07 18:26 . 2012-09-21 11:15	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-07 18:26 . 2012-09-21 11:15	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-08-31 17:18 . 2012-10-21 16:02	1211760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 17:12 . 2012-10-21 16:02	3968880	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-21 16:02	3914096	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-28 19:38 . 2012-10-28 19:38	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\program files\jeak.de\QIP 2012 Jeak-Edition\qip.exe" [2012-03-23 7351760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-09-06 162408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 71051979
*NewlyCreated* - ASWMBR
*Deregistered* - 71051979
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2066243063-1105699576-1169010081-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 12:55]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2066243063-1105699576-1169010081-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 12:55]
.
2012-11-28 c:\windows\Tasks\QIPdater 2012.job
- c:\program files\jeak.de\QIP 2012 Jeak-Edition\qipdater.exe [2012-03-27 19:29]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tult9ajn.default\
FF - ExtSQL: 2012-10-24 22:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2066243063-1105699576-1169010081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2066243063-1105699576-1169010081-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-28  15:43:02
ComboFix-quarantined-files.txt  2012-11-28 14:43
.
Vor Suchlauf: 12 Verzeichnis(se), 168.923.246.592 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 169.586.581.504 Bytes frei
.
- - End Of File - - 5D912BB50DCA1F8CF37162EE68398124
         
--- --- ---

28.11.2012, 16:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - Detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


28.11.2012, 16:22   #9
M4rc31
 



Hello,

attached is the new log file:

Quote:
# AdwCleaner v2.009 - Datei am 28/11/2012 um 16:21:17 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Admin - FUJITSU
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admin\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tult9ajn.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v23.0.1271.91

Datei : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [896 octets] - [28/11/2012 16:21:17]

########## EOF - C:\AdwCleaner[R1].txt - [955 octets] ##########

28.11.2012, 16:30   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



A check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box next to Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

28.11.2012, 16:52   #11
M4rc31
 



Hello Cosinus,

here are the two log files.
So far I have run all programs / scans without the external HDD connected. Was that wrong?

OTL log file:
Code:
OTL logfile created on: 28.11.2012 16:38:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 63,02% Memory free
5,85 Gb Paging File | 4,56 Gb Available in Paging File | 77,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 157,78 Gb Free Space | 52,93% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\qip.exe (QIP)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
PRC - C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Protos\Social\Social.dll ()
MOD - C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Protos\MRA\MRA.dll ()
MOD - C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Protos\MRA\pics.dll ()
MOD - C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Protos\InfICQ\InfICQ.dll ()
MOD - C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\Plugins\Win7Helper\Win7Helper.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (BBDemon) -- C:\Program Files\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe (Dassault Systemes)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBCCID) -- system32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- system32\DRIVERS\Rts516xIR.sys File not found
DRV - (RSUSBSTOR) -- System32\Drivers\RtsUStor.sys File not found
DRV - (catchme) -- C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)
DRV - (FUJ02E3) -- C:\Windows\System32\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV - (FUJ02B1) -- C:\Windows\System32\drivers\fuj02b1.sys (FUJITSU LIMITED)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 5F 0D 04 45 BF CD 01  [binary data]
IE - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 20:38:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 20:38:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.09.21 12:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.11.24 13:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tult9ajn.default\extensions
[2012.11.24 13:45:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\tult9ajn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.28 20:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.10.28 20:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.28 20:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.28 20:38:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.11.28 15:40:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000..\Run: [Infium] C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\qip.exe (QIP)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{185516C8-46DF-471B-B15F-2003CFC09F12}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27514C3B-0225-4693-A3BC-4675FCE0D094}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.28 15:43:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.28 15:43:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.28 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2012.11.28 15:27:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.28 15:27:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.28 15:27:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.28 15:27:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.28 15:27:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.28 14:44:43 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012.11.28 13:13:33 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012.11.28 12:17:56 | 000,311,296 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMAD.DLL
[2012.11.17 16:50:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.17 16:46:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\x-formation
[2012.11.17 16:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\x-formation
[2012.11.17 16:46:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\altair
[2012.11.17 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Altair
[2012.11.17 16:44:46 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.17 16:44:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.17 16:44:11 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.17 16:44:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.17 16:44:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.17 16:43:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.17 16:43:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.17 16:43:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.17 16:43:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.17 16:43:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.17 16:43:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.17 16:43:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.17 16:43:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 05:36:49 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.16 05:36:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.16 05:36:48 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.16 05:36:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 05:36:35 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.16 05:36:31 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.16 05:36:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.13 14:37:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\uni
[2012.11.10 12:18:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.07 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Peter der Assi
[2012.11.02 23:42:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Diagnostics
[2012.10.29 21:45:31 | 000,000,000 | ---D | C] -- C:\Swsetup
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.28 16:05:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2066243063-1105699576-1169010081-1000UA.job
[2012.11.28 15:56:42 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 15:56:42 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 15:48:59 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job
[2012.11.28 15:48:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.28 15:48:41 | 2356,584,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.28 15:40:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.28 15:05:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2066243063-1105699576-1169010081-1000Core.job
[2012.11.28 14:44:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012.11.28 14:43:18 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2012.11.28 13:14:11 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012.11.26 19:29:52 | 000,000,156 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.11.26 13:02:14 | 000,000,806 | ---- | M] () -- C:\Users\Admin\Desktop\DrWeb.csv
[2012.11.25 11:44:01 | 000,003,584 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.17 17:12:33 | 000,305,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.17 16:53:45 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.17 16:53:45 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.17 16:53:45 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.17 16:53:45 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.17 16:51:32 | 000,002,603 | ---- | M] () -- C:\Users\Admin\Documents\command.cmf
[2012.11.12 14:00:49 | 000,017,558 | ---- | M] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_10-11-2012_0301.pdf
[2012.11.12 12:19:03 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.12 12:19:03 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.12 11:57:27 | 000,238,928 | ---- | M] () -- C:\Users\Admin\Desktop\fotobuch.jpg
[2012.11.10 17:40:38 | 001,001,282 | ---- | M] () -- C:\Users\Admin\Desktop\e3.png
[2012.11.10 12:18:08 | 371,964,956 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.11.08 16:57:40 | 000,002,752 | ---- | M] () -- C:\Users\Admin\Desktop\porsche-schriftzug_274x21px.jpg
[2012.11.08 16:49:07 | 000,028,439 | ---- | M] () -- C:\Users\Admin\Desktop\GT.jpg
[2012.11.08 14:39:27 | 000,015,743 | ---- | M] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_13-10-2012_0953-1.pdf
[2012.11.03 22:38:09 | 000,034,901 | ---- | M] () -- C:\Users\Admin\Desktop\Konto_502656-Auszug_2012_010.pdf.pdf
[2012.11.03 17:57:46 | 000,023,030 | ---- | M] () -- C:\Users\Admin\Desktop\Finanzreport_Nr.09_vom_01.11.2012064305-1.pdf
[2012.11.03 12:25:07 | 000,034,620 | ---- | M] () -- C:\Users\Admin\Desktop\Kontoauszug_63218003__Nr.010_vom_01.11.2012_20121103122452.pdf
[2012.11.03 12:24:46 | 000,028,545 | ---- | M] () -- C:\Users\Admin\Desktop\Kontoauszug_63218607__Nr.010_vom_01.11.2012_20121103122430.pdf
[2012.10.29 23:10:21 | 000,086,924 | ---- | M] () -- C:\Users\Admin\Desktop\81X0gYpIPPL._AA1500_.jpg
[2012.10.29 18:18:41 | 000,094,255 | ---- | M] () -- C:\Users\Admin\Desktop\Klettern.jpg
 
========== Files Created - No Company Name ==========
 
[2012.11.28 15:27:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.28 15:27:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.28 15:27:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.28 15:27:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.28 15:27:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.28 13:25:49 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2012.11.26 19:29:51 | 000,000,156 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.11.25 11:44:01 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.17 16:48:10 | 000,002,603 | ---- | C] () -- C:\Users\Admin\Documents\command.cmf
[2012.11.17 16:44:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.17 16:44:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.16 18:30:40 | 000,000,806 | ---- | C] () -- C:\Users\Admin\Desktop\DrWeb.csv
[2012.11.12 14:00:49 | 000,017,558 | ---- | C] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_10-11-2012_0301.pdf
[2012.11.12 11:57:27 | 000,238,928 | ---- | C] () -- C:\Users\Admin\Desktop\fotobuch.jpg
[2012.11.10 17:40:37 | 001,001,282 | ---- | C] () -- C:\Users\Admin\Desktop\e3.png
[2012.11.10 12:18:08 | 371,964,956 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.11.08 16:57:40 | 000,002,752 | ---- | C] () -- C:\Users\Admin\Desktop\porsche-schriftzug_274x21px.jpg
[2012.11.08 16:49:07 | 000,028,439 | ---- | C] () -- C:\Users\Admin\Desktop\GT.jpg
[2012.11.08 14:39:27 | 000,015,743 | ---- | C] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_13-10-2012_0953-1.pdf
[2012.11.03 22:38:09 | 000,034,901 | ---- | C] () -- C:\Users\Admin\Desktop\Konto_502656-Auszug_2012_010.pdf.pdf
[2012.11.03 17:57:46 | 000,023,030 | ---- | C] () -- C:\Users\Admin\Desktop\Finanzreport_Nr.09_vom_01.11.2012064305-1.pdf
[2012.11.03 12:25:07 | 000,034,620 | ---- | C] () -- C:\Users\Admin\Desktop\Kontoauszug_63218003__Nr.010_vom_01.11.2012_20121103122452.pdf
[2012.11.03 12:24:45 | 000,028,545 | ---- | C] () -- C:\Users\Admin\Desktop\Kontoauszug_63218607__Nr.010_vom_01.11.2012_20121103122430.pdf
[2012.10.29 23:10:21 | 000,086,924 | ---- | C] () -- C:\Users\Admin\Desktop\81X0gYpIPPL._AA1500_.jpg
[2012.10.29 18:18:41 | 000,094,255 | ---- | C] () -- C:\Users\Admin\Desktop\Klettern.jpg
[2012.09.22 19:35:54 | 000,016,975 | ---- | C] () -- C:\Users\Admin\candy.jpg
[2012.09.22 14:25:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.22 14:05:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.09.21 11:53:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.01.10 21:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012.01.10 21:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012.01.10 21:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012.01.10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 20:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.01.10 20:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.01.10 20:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 28.11.2012 16:38:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 63,02% Memory free
5,85 Gb Paging File | 4,56 Gb Available in Paging File | 77,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 157,78 Gb Free Space | 52,93% Space Free | Partition Type: NTFS
 
Computer Name: FUJITSU | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2066243063-1105699576-1169010081-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CCA81ED-7F38-4219-9B45-50ABBFA4A987}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E031089-1F23-4B30-8BE9-A12514B812C0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1AB6F99F-B55A-4EF7-A820-B25020303EC5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{20071828-4703-40D1-9FA4-A6D2E117BABE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2659FDA5-DD56-49FF-B58F-9A03C3E4A5A9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3A2AAA46-E1F0-4EE4-A578-0B19DBBC2819}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E1B4502-6FA0-463B-9252-0C0D3505987E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43F50730-C456-4135-98A0-FDED2ACEB48F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{51AE98EF-6B3A-42C5-A016-D8A04BA91E77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{64D3804C-1094-41C5-8CB6-9AC530782EBC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{67AE0AF0-9DEC-4E61-89E9-4B8A82298AB2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{75159396-C8B9-426F-8FF0-F010F0FEB800}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{75A787EC-D187-4480-8B6C-30C722673A3C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7D61E6DC-F70A-4643-95B8-4862878337BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86C0F8B4-B1B9-4528-84E9-7588E596BAB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9EA49F75-3506-45AF-9B20-56FEF572BCDD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB96E35D-4E80-4B48-B53E-EA3248EA4EF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ADBB765B-542B-4418-A79E-83AB89457C77}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B2FC5747-9912-4CBF-8D58-10776E5C586C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BF3A242A-E0DE-47D5-A546-C09D0D41A61F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D4DDA857-9104-434F-9667-3D3622F90992}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DB1A60ED-4766-4841-A09E-7C65ECF09AD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DC6FD45C-9E27-49DA-B5BB-E9B7CB279DF2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E356F9AE-55EE-4FB0-A3D2-4E8BFCBE31DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC9914E1-538F-438A-A354-51D5A42B801D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{F3A00202-41C2-4C6D-8975-A021D11937FE}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05669E49-4C38-4F20-8772-BE3F96267D36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CB681E8-D7F2-4C36-A6E6-6DCE73A3AB16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0E438CD4-6177-4041-BC7D-427C95460D7F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{10A3AAAF-DE10-49A5-9C03-AB9D8ED3B1CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{24EAECE1-D8BA-4970-B353-22234D3FEF39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2AADFBFD-5F03-4EEA-8895-5FB93F7BF0E7}" = dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | 
"{46CB2368-F55A-4A3C-8885-A5A5AEE591BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{60673D87-8578-4825-B971-4945A7A3B55C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{72143582-5766-41C2-9AE5-EFBDA9419D83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BCF1BAA-B0DD-4718-9668-A32C66DACBC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9404C740-8056-4FF7-8F95-DE6120728CFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{998B6097-B41C-4D0E-ADE3-1A7BA55E3FF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AC1263D2-E9E3-4874-B8C4-C47978F33ABD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AFD2EFE8-627E-443F-BAB9-0FE0E22E8BB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBDDF7D4-5A5C-4F37-94E4-2CD87B6DD9ED}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C79F760F-9162-4C2A-AAB5-B28F8AFCD85D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D419DA42-FE29-4355-89F6-97D0BC3CF95B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D489FC88-EF72-4EE0-AFE9-1FE6CECC70C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E5E6F58F-E0C8-42CB-91A6-493458ECFDFD}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E84604DF-857F-4F8A-8FFE-5AB654C9008C}" = protocol=6 | dir=out | app=system | 
"TCP Query User{05943D45-F61D-4614-A509-D62CA01B90F0}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | 
"TCP Query User{784970EC-4841-46D2-93B0-DE6C800E8C02}C:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe | 
"TCP Query User{7A2C674B-9314-4530-A64D-DB2699BCF4AE}C:\spiele\blobby volley\volley.exe" = protocol=6 | dir=in | app=c:\spiele\blobby volley\volley.exe | 
"TCP Query User{AE2842A7-0654-473F-AF05-4E4A7C86A897}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0410531C-413C-4A7B-B809-FAE5515C83B1}C:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe | 
"UDP Query User{49A769DB-8D90-41F8-8D4A-6321551349C4}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{6B32386C-0428-4631-ADCD-3C597AA3C2A2}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | 
"UDP Query User{CA215497-3730-4F73-989E-07D730954CC0}C:\spiele\blobby volley\volley.exe" = protocol=17 | dir=in | app=c:\spiele\blobby volley\volley.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{2FBC78B6-125F-4E8C-8B18-2D7A3C2FD306}" = QIP 2012 7221 Jeak-Edition
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Altair  HyperWorks  11.0.0.39 (Local 32-bit)" = Altair  HyperWorks  11.0.0.39 (Local 32-bit)
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dassault Systemes B20_0" = Dassault Systemes Software B20
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"QIP 2012 7221 Jeak-Edition 4.0.7221" = QIP 2012 7221 Jeak-Edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2066243063-1105699576-1169010081-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.10.2012 13:18:39 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren
 werden.
 
Error - 29.10.2012 13:21:31 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Microsoft Windows Search Filter Host"
 konnte nicht heruntergefahren werden.
 
Error - 29.10.2012 13:21:36 | Computer Name = Fujitsu | Source = Application Error | ID = 1000
Error - 29.10.2012 13:28:09 | Computer Name = Fujitsu | Source = VSS | ID = 8194
 
Description = 
Error - 29.10.2012 13:29:21 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager
 | ID = 10006
 
Description = Die Anwendung oder der Dienst "Windows Live Mail" konnte nicht heruntergefahren werden.
Error - 29.10.2012 13:29:33 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager
 | ID = 10006
 
Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden.
Error - 05.11.2012 06:12:58 | Computer Name = Fujitsu | Source = Application Hang
 | ID = 1002
 
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1318

Startzeit: 01cdbb394941a220

Endzeit: 37

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 5d6ea3ff-2731-11e2-8ba7-e0ca94afd7d9

Error - 07.11.2012 14:34:48 | Computer Name = Fujitsu | Source = Application Hang
 | ID = 1002
 
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 300

Startzeit: 01cdbd1674bd02da

Endzeit: 5

Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID: bdd29e8a-2909-11e2-87eb-e0ca94afd7d9

Error - 10.11.2012 12:40:19 | Computer Name = Fujitsu | Source = Application Hang
 | ID = 1002
 
Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 5bc

Startzeit: 01cdbf3736e76fc2

Endzeit: 102

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: 4afdac3a-2b55-11e2-ad12-e0ca94afd7d9

Error - 11.11.2012 13:07:58 | Computer Name = Fujitsu | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680, Zeitstempel: 0x50882871
Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680, Zeitstempel: 0x508827d6
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00130ef7
ID des fehlerhaften Prozesses: 0x1260
Startzeit der fehlerhaften Anwendung: 0x01cdbffb43599fc4
Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll
Berichtskennung: 56e09248-2c22-11e2-a136-e0ca94afd7d9
Error - 28.11.2012 09:01:30 | Computer Name = Fujitsu | Source = Application Error
 | ID = 1000
 
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707, Zeitstempel: 0x509be8bf
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d24
ID des fehlerhaften Prozesses: 0xd54
Startzeit der fehlerhaften Anwendung: 0x01cdcd63af9878d3
Pfad der fehlerhaften Anwendung: C:\Users\Admin\Desktop\aswMBR.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: b9ef0ae1-395b-11e2-a1a5-e0ca94afd7d9
 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---

Alt 28.11.2012, 16:56   #12
cosinus

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - and please remember to update Malwarebytes via the update button beforehand.

Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 30.11.2012, 11:27   #13
M4rc31
 

Hello cosinus,

sorry, the scan took a bit longer: I wanted to let it run overnight, but didn't consider that I should also change the power-saving mode settings accordingly.

Here is the result from Eset, looks like quite a lot:

Quote:
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja--southern-baja_v1_m56577569830496005.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-directory-transport_v1_m56577569830496000.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-health_v1_m56577569830496001.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-language_v1_m56577569830496002.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos-planning-information.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos_v1_m56577569830496003.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\central-honduras_v1_m56577569830489916.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-food_v1_m56577569830491278.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-introduction-tools.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-social_v1_m56577569830491277.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-directory_v1_m56577569830489993.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-health_v1_m56577569830489994.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Panama4th Edition November 2007\panama-language_v1_m56577569830490020.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-acapulco_v1_m56577569830490072.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-directory_v1_m56577569830490075.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-health_v1_m56577569830490076.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-language_v1_m56577569830490078.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-mazatlan_v1_m56577569830490062.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-nayarit_v1_m56577569830490064.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-background-information_v1_m56577569830490126.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-campeche-state_v1_m56577569830490130.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-health_v1_m56577569830490135.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-language_v1_m56577569830490136.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-planning-information.pdf JS/Trackware.ReadNotify.A application
C:\Users\Admin\Desktop\Desktop\SD-Karte Evo\download\Order details.zip Win32/TrojanDownloader.Chepvil.A trojan
C:\Users\Admin\DoctorWeb\Quarantine\abe1d341.exe Win32/Dorkbot.B worm
C:\Users\Admin\DoctorWeb\Quarantine\abe1d342.exe Win32/Dorkbot.B worm
C:\Users\Admin\DoctorWeb\Quarantine\vzaiad_2.exe Win32/Dorkbot.B worm
C:\Users\Admin\DoctorWeb\Quarantine\vzaiad_3.exe Win32/Dorkbot.B worm
G:\fscommand.lnk Win32/Dorkbot.D worm
G:\Get_Started_for_Mac.app.lnk Win32/Dorkbot.D worm
G:\Filme.lnk Win32/Dorkbot.D worm
G:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm
G:\Kanye West - My Beautiful Dark Twisted Fantasy (2010).lnk Win32/Dorkbot.D worm
G:\System Volume Information.lnk Win32/Dorkbot.D worm
G:\Material.lnk Win32/Dorkbot.D worm
G:\Windows7.lnk Win32/Dorkbot.D worm
G:\Bilder Greenteam.lnk Win32/Dorkbot.D worm
G:\Bilder.lnk Win32/Dorkbot.D worm
G:\nane o2.lnk Win32/Dorkbot.D worm
G:\Prüfungen.lnk Win32/Dorkbot.D worm
G:\Catia-Kurs.lnk Win32/Dorkbot.D worm
G:\Uni.lnk Win32/Dorkbot.D worm
G:\Catia V5 R20 64bit.lnk Win32/Dorkbot.D worm
G:\mathcad.lnk Win32/Dorkbot.D worm
G:\backup 31.10.11.lnk Win32/Dorkbot.D worm
G:\Hyperworks11.lnk Win32/Dorkbot.D worm
G:\office10.lnk Win32/Dorkbot.D worm
G:\Recycled.lnk Win32/Dorkbot.D worm
G:\CATIA.V5.R20.SP0.Win32.SSQ.lnk Win32/Dorkbot.D worm
G:\Speicherkarte Evo 3D.lnk Win32/Dorkbot.D worm
G:\backup Dell XPS.lnk Win32/Dorkbot.D worm
G:\Neuer Ordner.lnk Win32/Dorkbot.D worm
G:\Festplatte Toshiba.lnk Win32/Dorkbot.D worm
G:\E-Mails alt.lnk Win32/Dorkbot.D worm
G:\E-Mails XPS.lnk Win32/Dorkbot.D worm
G:\Treiber.lnk Win32/Dorkbot.D worm
G:\XPS.lnk Win32/Dorkbot.D worm
G:\Marci Stick.lnk Win32/Dorkbot.D worm
G:\Minidump.lnk Win32/Dorkbot.D worm
G:\Bankauszüge.lnk Win32/Dorkbot.D worm
G:\Sony.lnk Win32/Dorkbot.D worm
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja--southern-baja_v1_m56577569830496005.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-directory-transport_v1_m56577569830496000.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-health_v1_m56577569830496001.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-language_v1_m56577569830496002.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos-planning-information.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Baja & Los Cabos7th Edition August 2007\baja-los-cabos_v1_m56577569830496003.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Guatemala3rd Edition September 2007\guatemala-language_v1_m56577569830495601.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\central-honduras_v1_m56577569830489916.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-language_v1_m56577569830489923.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Honduras & the Bay Islands1st Edition January 2007\honduras-the-bay-islands-health_v1_m56577569830489922.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-food_v1_m56577569830491278.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-introduction-tools.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-practical_v1_m56577569830491276.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-safe-travel_v1_m56577569830491279.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-social_v1_m56577569830491277.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Mexican Spanish1st Edition October 2003\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-directory_v1_m56577569830489993.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nic-el-health_v1_m56577569830489994.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Nicaragua & El Salvador1st Edition October 2006\nicaragua-el-salvador-language_v1_m56577569830489995.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Panama4th Edition November 2007\panama-language_v1_m56577569830490020.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-acapulco_v1_m56577569830490072.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-directory_v1_m56577569830490075.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-health_v1_m56577569830490076.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-language_v1_m56577569830490078.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-mazatlan_v1_m56577569830490062.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Puerto Vallarta & Pacific Mexico2nd Edition August 2006\pv-nayarit_v1_m56577569830490064.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-background-information_v1_m56577569830490126.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-campeche-state_v1_m56577569830490130.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-health_v1_m56577569830490135.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-language_v1_m56577569830490136.pdf JS/Trackware.ReadNotify.A application
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive\Yucatan3rd Edition November 2006\yucatan-planning-information.pdf JS/Trackware.ReadNotify.A application

30.11.2012, 12:23   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
G:\XPS\Desktop\Reise\Lonely Planet\L0n3ly_Plan3t_downarchive
What on earth is that supposed to be?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

30.11.2012, 12:40   #15
M4rc31

Hello cosinus,

those are still files from my girlfriend's trip, so they don't actually come from me. If the files possibly don't comply with the board rules, could you please give me pointers for the other files?

Thanks

Regards

M4rc31
