Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 29.08.2011, 14:00   #1
zappalou
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Hallo,

habe das Problem, dass alle Ordner auf externen Datentraegern bei mir als Verknuefungen angezeigt werden. Das Problem ist offentlich bekannt bekomme das Thema aber alleine nicht geloest.

Es ist ein Thinkpad-Laptop den ich gebraucht auf Ebay erworben hatte (vor ca. 1 Jahr).

Wuerde mich riesig ueber Eure Hilfe freuen.

Hier die entsprechenden nach Anleitung erstellten LOGs.

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 8/29/2011 1:34:00 PM - Run 4
OTL by OldTimer - Version 3.2.26.6     Folder = E:\Documents and Settings\Claus\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.86 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 66.43% Memory free
3.71 Gb Paging File | 3.16 Gb Available in Paging File | 85.04% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 1.17 Gb Total Space | 0.53 Gb Free Space | 44.93% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.42 Gb Free Space | 34.99% Space Free | Partition Type: NTFS
Drive E: | 68.76 Gb Total Space | 40.07 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
Drive F: | 153.18 Gb Total Space | 147.58 Gb Free Space | 96.34% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 0.43 Gb Free Space | 22.90% Space Free | Partition Type: FAT
 
Computer Name: CLAUS-THINK | User Name: Claus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/08/29 12:45:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Claus\Desktop\OTL.exe
PRC - [2011/06/29 03:07:57 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/28 03:15:02 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- E:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/04/29 01:59:52 | 000,136,360 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/24 01:38:00 | 000,292,200 | ---- | M] (Lenovo.) -- E:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2011/03/24 01:38:00 | 000,053,608 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/03/08 13:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/03/08 13:20:58 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/17 19:24:36 | 000,132,392 | ---- | M] (Synaptics Incorporated) -- E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2011/01/14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/01/07 04:57:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2010/12/14 15:57:20 | 000,136,040 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/10/29 20:25:12 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2010/09/22 14:18:46 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- E:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2010/09/22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- E:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/17 17:51:38 | 000,184,320 | ---- | M] (Lenovo ) -- E:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/09/17 17:51:06 | 000,176,128 | ---- | M] (Lenovo ) -- E:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/09/17 17:46:16 | 000,237,568 | ---- | M] (Lenovo ) -- E:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/09/17 17:46:06 | 000,098,304 | ---- | M] (Lenovo ) -- E:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/05/03 12:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/03 12:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/04/01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/18 18:48:34 | 002,412,032 | ---- | M] (Vodafone) -- E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009/09/18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) -- E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009/09/06 02:29:06 | 000,385,024 | ---- | M] (shbox.de) -- E:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009/07/23 03:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2009/06/12 19:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/10/30 15:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- E:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2007/09/27 02:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- E:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2005/10/28 16:25:44 | 000,094,208 | ---- | M] (Nero AG) -- E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/08/26 16:29:20 | 000,998,400 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
MOD - [2011/08/26 16:29:18 | 000,212,992 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/26 16:29:05 | 000,771,584 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7e0214a811f81e09041864081139641\System.Runtime.Remoting.ni.dll
MOD - [2011/08/26 16:29:03 | 000,627,200 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
MOD - [2011/08/26 16:29:00 | 000,679,936 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
MOD - [2011/08/26 16:28:57 | 000,971,264 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/26 16:03:12 | 005,450,752 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/26 16:03:03 | 012,430,848 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/26 16:02:41 | 001,587,200 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/26 16:00:12 | 006,616,576 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
MOD - [2011/08/26 15:59:58 | 000,539,648 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
MOD - [2011/08/26 15:59:57 | 000,224,768 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
MOD - [2011/08/26 15:59:07 | 012,215,808 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
MOD - [2011/08/26 15:58:55 | 003,325,440 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
MOD - [2011/08/26 15:58:44 | 007,950,848 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/26 15:57:54 | 002,933,248 | ---- | M] () -- E:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/08/26 15:57:40 | 000,261,632 | ---- | M] () -- E:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/06/19 03:16:37 | 000,060,928 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll
MOD - [2011/06/19 03:10:25 | 011,490,816 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/03/24 01:38:00 | 000,054,272 | ---- | M] () -- E:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL
MOD - [2011/03/24 01:38:00 | 000,041,984 | ---- | M] () -- E:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2011/02/17 19:24:04 | 000,066,856 | ---- | M] () -- E:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
MOD - [2010/09/22 14:18:56 | 002,860,384 | ---- | M] () -- E:\WINDOWS\system32\btwicons.dll
MOD - [2010/09/22 14:18:56 | 000,075,112 | ---- | M] () -- E:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2010/09/17 18:37:58 | 000,043,520 | ---- | M] () -- E:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
MOD - [2010/09/17 18:37:50 | 000,249,856 | ---- | M] () -- E:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2010/09/17 18:37:28 | 000,077,824 | ---- | M] () -- E:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
MOD - [2010/08/16 00:08:44 | 000,094,208 | ---- | M] () -- E:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/06/24 08:46:42 | 005,279,744 | ---- | M] () -- E:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2010/06/17 14:27:22 | 000,355,688 | ---- | M] () -- E:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/04/14 13:00:00 | 000,355,112 | ---- | M] () -- E:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/04/14 13:00:00 | 000,014,336 | ---- | M] () -- E:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/12 11:11:54 | 001,163,264 | ---- | M] () -- E:\Program Files\ThinkPad Wireless LAN Adapter Software\acAuth.dll
MOD - [2005/01/07 03:33:30 | 000,116,224 | ---- | M] () -- E:\WINDOWS\system32\redmonnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (WPFFontCache_v0400)
SRV - [2011/06/29 03:07:57 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/29 01:59:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/24 01:38:00 | 000,292,200 | ---- | M] (Lenovo.) [Auto | Running] -- E:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011/03/24 01:38:00 | 000,061,440 | ---- | M] () [Auto | Stopped] -- E:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011/01/14 15:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010/12/03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010/12/02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/11/24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\HOTKEY\micmute.exe -- (Lenovo.micmute)
SRV - [2010/09/22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- E:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/17 17:46:16 | 000,237,568 | ---- | M] (Lenovo ) [Auto | Running] -- E:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 17:46:06 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- E:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/05/03 12:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- E:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/03 12:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- E:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/06/12 19:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/04/14 13:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\tape.sys -- (Algsvp)
SRV - [2007/09/27 02:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- E:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/29 03:07:58 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/29 03:07:58 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/03/24 01:38:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2011/03/24 01:38:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2011/01/13 11:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2011/01/07 04:57:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2010/12/17 16:51:10 | 000,217,088 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2010/12/17 16:51:08 | 000,993,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2010/12/17 16:51:06 | 000,738,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2010/10/29 09:19:32 | 000,876,392 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\rtl8192se.sys -- (RTL8192se)
DRV - [2010/10/20 02:09:58 | 001,761,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/10/15 00:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010/09/23 09:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/16 19:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/09/07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/07/22 09:38:14 | 000,167,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2010/06/19 23:31:28 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/06/19 21:53:43 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- E:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/06/16 13:44:38 | 000,120,432 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2010/06/16 13:44:38 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010/02/27 17:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/18 13:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 21:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/18 13:06:56 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009/08/18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/08/18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/08/18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/08/18 13:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/06/30 18:46:24 | 000,009,728 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/02/12 23:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/07/24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/02/04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/02/04 17:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/06/08 09:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\stm_tpm.sys -- (stmtpm)
DRV - [2007/02/19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62202
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.nytimes.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxyproxy-basic@eric.h.jung:1.8.5
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: E:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: e:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: e:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: E:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: E:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: e:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: E:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: E:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: E:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/28 03:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0FABD6D5-1B0C-4A0C-A8B6-EA54B0579AA6}: E:\Documents and Settings\Claus\Local Settings\Application Data\{0FABD6D5-1B0C-4A0C-A8B6-EA54B0579AA6} [2011/08/28 23:08:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2011/08/27 22:51:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2011/06/28 03:19:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2011/06/28 03:18:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins
 
[2010/06/19 05:16:38 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Claus\Application Data\Mozilla\Extensions
[2010/06/19 05:16:38 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Claus\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/26 16:08:20 | 000,000,000 | ---D | M] (No name found) -- E:\Documents and Settings\Claus\Application Data\Mozilla\Firefox\Profiles\ax2bi79i.default\extensions
[2011/08/26 16:08:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- E:\Documents and Settings\Claus\Application Data\Mozilla\Firefox\Profiles\ax2bi79i.default\extensions\foxyproxy-basic@eric.h.jung
[2011/08/29 08:17:14 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files\Mozilla Firefox\extensions
[2011/08/29 08:17:15 | 000,000,000 | ---D | M] (Click to call with Skype) -- E:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- E:\DOCUMENTS AND SETTINGS\CLAUS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\AX2BI79I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/08/28 23:08:01 | 000,000,000 | ---D | M] (XULRunner) -- E:\DOCUMENTS AND SETTINGS\CLAUS\LOCAL SETTINGS\APPLICATION DATA\{0FABD6D5-1B0C-4A0C-A8B6-EA54B0579AA6}
[2011/08/27 22:51:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- E:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/03/10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- E:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,734 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - E:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - E:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - E:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - E:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACWLIcon] E:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [avgnt] E:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] E:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] E:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IMSS] E:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] E:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] E:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MobileConnect] E:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PWRMGRTR] E:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] E:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RotateImage] E:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [SmartAudio] E:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TkBellExe] E:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] E:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Eqgcgg] E:\Documents and Settings\Claus\Application Data\Eqgcgg.exe File not found
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = E:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: E:\Documents and Settings\Claus\Start Menu\Programs\Startup\Dropbox.lnk = E:\Documents and Settings\Claus\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - E:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - E:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/19 04:06:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 18:32:46 | 000,000,049 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - E:\WINDOWS\system32\ieudinit.exe
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {26923b43-4d38-484f-9b9e-de460746276c} - E:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C07CFD67-3425-4854-3339-13A189BA2A37} - NetShow
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/08/29 12:45:06 | 000,580,096 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Claus\Desktop\OTL.exe
[2011/08/29 09:35:39 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Claus\Application Data\Malwarebytes
[2011/08/29 09:35:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/29 09:35:34 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/29 09:35:33 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/29 09:35:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2011/08/29 09:35:30 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2011/08/29 09:32:34 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- E:\Documents and Settings\Claus\Desktop\mbam-setup1511.exe
[2011/08/29 09:08:19 | 000,000,000 | RH-D | C] -- E:\Documents and Settings\Claus\Recent
[2011/08/29 08:17:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/08/28 23:08:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Claus\Local Settings\Application Data\{0FABD6D5-1B0C-4A0C-A8B6-EA54B0579AA6}
[2010/06/19 05:42:56 | 000,004,096 | ---- | C] ( ) -- E:\WINDOWS\System32\IGFXDEVLib.dll
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/29 13:35:09 | 000,436,276 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2011/08/29 13:35:09 | 000,069,006 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2011/08/29 13:30:48 | 000,000,300 | ---- | M] () -- E:\WINDOWS\tasks\PMTask.job
[2011/08/29 13:30:24 | 000,000,278 | ---- | M] () -- E:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-583907252-2139871995-1801674531-1003.job
[2011/08/29 13:30:22 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2011/08/29 13:30:18 | 2000,334,848 | -HS- | M] () -- E:\hiberfil.sys
[2011/08/29 12:51:59 | 000,302,592 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\gkd8q4ho.exe
[2011/08/29 12:45:25 | 000,000,020 | ---- | M] () -- E:\Documents and Settings\Claus\defogger_reenable
[2011/08/29 12:45:10 | 000,580,096 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Claus\Desktop\OTL.exe
[2011/08/29 12:44:05 | 000,050,477 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\Defogger.exe
[2011/08/29 12:26:33 | 052,687,357 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\vdf_fusebundle.zip
[2011/08/29 09:37:31 | 067,980,144 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\avira_antivir_personal_de.exe
[2011/08/29 09:35:35 | 000,000,787 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/29 09:35:18 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- E:\Documents and Settings\Claus\Desktop\mbam-setup1511.exe
[2011/08/29 08:16:09 | 000,002,283 | ---- | M] () -- E:\Documents and Settings\Claus\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2011/08/28 21:12:02 | 000,000,466 | ---- | M] () -- E:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/08/28 20:51:59 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2011/08/27 16:01:32 | 000,147,858 | ---- | M] () -- E:\Documents and Settings\Claus\Desktop\Boarding Pass.pdf
[2011/08/26 15:54:07 | 000,000,206 | ---- | M] () -- E:\WINDOWS\System32\MRT.INI
[2011/08/26 05:55:17 | 000,007,674 | ---- | M] () -- E:\Documents and Settings\Claus\Application Data\FA9A.D2E
[2011/08/26 03:47:02 | 000,000,528 | ---- | M] () -- E:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/02 03:18:00 | 000,000,286 | ---- | M] () -- E:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-2139871995-1801674531-1003.job
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/08/29 12:51:57 | 000,302,592 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\gkd8q4ho.exe
[2011/08/29 12:44:44 | 000,000,020 | ---- | C] () -- E:\Documents and Settings\Claus\defogger_reenable
[2011/08/29 12:44:03 | 000,050,477 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\Defogger.exe
[2011/08/29 11:55:42 | 052,687,357 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\vdf_fusebundle.zip
[2011/08/29 09:35:35 | 000,000,787 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/29 09:26:59 | 067,980,144 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\avira_antivir_personal_de.exe
[2011/08/27 16:01:32 | 000,147,858 | ---- | C] () -- E:\Documents and Settings\Claus\Desktop\Boarding Pass.pdf
[2011/08/26 15:54:06 | 000,000,206 | ---- | C] () -- E:\WINDOWS\System32\MRT.INI
[2011/08/02 08:16:50 | 001,073,640 | ---- | C] () -- E:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/08/01 20:16:05 | 000,007,674 | ---- | C] () -- E:\Documents and Settings\Claus\Application Data\FA9A.D2E
[2011/04/20 01:16:24 | 000,000,664 | ---- | C] () -- E:\WINDOWS\System32\d3d9caps.dat
[2010/10/05 01:07:12 | 000,000,108 | ---- | C] () -- E:\WINDOWS\BREAK2.INI
[2010/10/03 13:44:02 | 000,000,069 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2010/09/22 14:18:56 | 002,860,384 | ---- | C] () -- E:\WINDOWS\System32\btwicons.dll
[2010/08/24 13:39:10 | 000,015,873 | ---- | C] () -- E:\WINDOWS\System32\Inetde.dll
[2010/08/03 23:45:37 | 000,000,256 | ---- | C] () -- E:\WINDOWS\System32\pool.bin
[2010/07/05 01:08:48 | 000,030,720 | ---- | C] () -- E:\Documents and Settings\Claus\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/30 03:53:33 | 000,116,224 | ---- | C] () -- E:\WINDOWS\System32\redmonnt.dll
[2010/06/30 03:53:33 | 000,045,056 | ---- | C] () -- E:\WINDOWS\System32\unredmon.exe
[2010/06/28 00:01:59 | 000,000,332 | ---- | C] () -- E:\WINDOWS\System32\CNCMFP23.INI
[2010/06/21 06:00:37 | 000,165,376 | ---- | C] () -- E:\WINDOWS\System32\unrar.dll
[2010/06/20 06:17:15 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2010/06/20 00:40:43 | 001,474,832 | ---- | C] () -- E:\WINDOWS\System32\drivers\sfi.dat
[2010/06/19 08:19:46 | 000,000,056 | -H-- | C] () -- E:\WINDOWS\System32\ezsidmv.dat
[2010/06/19 07:20:07 | 000,004,224 | ---- | C] () -- E:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/06/19 07:13:15 | 000,196,608 | ---- | C] () -- E:\WINDOWS\PWMBTHLP.EXE
[2010/06/19 06:27:11 | 000,000,661 | ---- | C] () -- E:\WINDOWS\System32\VoipUpdate.ini
[2010/06/19 05:42:56 | 000,867,020 | ---- | C] () -- E:\WINDOWS\System32\igkrng575.bin
[2010/06/19 05:42:56 | 000,128,204 | ---- | C] () -- E:\WINDOWS\System32\igcompkrng575.bin
[2010/06/19 05:42:55 | 000,000,151 | ---- | C] () -- E:\WINDOWS\System32\GfxUI.exe.config
[2010/06/19 04:42:34 | 000,000,000 | ---- | C] () -- E:\WINDOWS\nsreg.dat
[2010/06/19 04:37:16 | 000,339,968 | ---- | C] () -- E:\WINDOWS\System32\AegisI5Installer.exe
[2010/06/19 04:37:06 | 000,451,072 | ---- | C] () -- E:\WINDOWS\System32\ISSRemoveSP.exe
[2010/06/19 04:09:03 | 000,002,048 | --S- | C] () -- E:\WINDOWS\bootstat.dat
[2010/06/19 04:02:38 | 000,021,640 | ---- | C] () -- E:\WINDOWS\System32\emptyregdb.dat
[2010/06/18 20:48:23 | 000,004,161 | ---- | C] () -- E:\WINDOWS\ODBCINST.INI
[2010/06/18 20:46:54 | 000,223,224 | ---- | C] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/15 19:17:10 | 000,130,520 | R--- | C] () -- E:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2009/08/04 00:07:42 | 000,403,816 | ---- | C] () -- E:\WINDOWS\System32\OGACheckControl.dll
[2009/08/04 00:07:42 | 000,230,768 | ---- | C] () -- E:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 13:00:00 | 013,107,200 | ---- | C] () -- E:\WINDOWS\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- E:\WINDOWS\System32\mlang.dat
[2008/04/14 13:00:00 | 000,436,276 | ---- | C] () -- E:\WINDOWS\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- E:\WINDOWS\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- E:\WINDOWS\System32\dssec.dat
[2008/04/14 13:00:00 | 000,069,006 | ---- | C] () -- E:\WINDOWS\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- E:\WINDOWS\System32\mib.bin
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- E:\WINDOWS\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- E:\WINDOWS\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,463 | ---- | C] () -- E:\WINDOWS\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- E:\WINDOWS\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | ---- | C] () -- E:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- E:\WINDOWS\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010/06/19 20:43:21 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Conexant
[2010/06/19 21:53:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/06/19 21:46:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/06/30 03:53:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\FreePDF
[2011/04/26 23:37:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Lenovo
[2011/07/06 03:33:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\PCDr
[2010/08/23 14:52:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/12/09 13:29:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\ScreenVCR
[2011/01/27 11:43:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Titanium
[2010/06/19 23:31:30 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TrueCrypt
[2010/09/11 16:07:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Vodafone
[2011/06/23 03:25:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\.purple
[2010/07/04 16:04:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Avaya
[2010/08/04 00:06:59 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Blackberry Desktop
[2010/11/28 21:18:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\BOM
[2010/06/19 23:25:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\DAEMON Tools Lite
[2010/06/19 21:46:43 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\DAEMON Tools Pro
[2011/08/29 12:49:36 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Dropbox
[2010/12/09 13:17:51 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\DVDVideoSoft
[2010/06/19 08:18:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\enchant
[2011/05/03 06:16:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\FileZilla
[2011/08/02 03:25:24 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\foobar2000
[2011/01/25 00:29:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\gtk-2.0
[2011/04/26 23:49:54 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Lenovo
[2011/07/06 03:34:03 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\PCDr
[2011/04/26 23:56:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\PwrMgr
[2010/08/24 08:59:01 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Research In Motion
[2010/06/19 05:16:38 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Thunderbird
[2011/01/27 11:43:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Titanium
[2010/12/09 12:48:29 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Toolbar4
[2010/06/19 23:31:47 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\TrueCrypt
[2011/07/06 03:28:53 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Update
[2010/09/11 09:57:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Vodafone
[2010/08/05 19:53:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Claus\Application Data\Windows Search
[2011/08/26 03:47:02 | 000,000,528 | ---- | M] () -- E:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/08/29 13:30:48 | 000,000,300 | ---- | M] () -- E:\WINDOWS\Tasks\PMTask.job
[2011/08/28 21:12:02 | 000,000,466 | ---- | M] () -- E:\WINDOWS\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010/06/28 00:00:25 | 000,000,000 | -H-D | M] -- E:\CanonMF
[2010/08/03 09:37:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings
[2010/06/19 07:17:19 | 000,000,000 | ---D | M] -- E:\DRIVERS
[2011/04/26 23:35:24 | 000,000,000 | ---D | M] -- E:\Icons
[2010/06/19 05:33:08 | 000,000,000 | ---D | M] -- E:\Intel
[2010/08/29 17:57:38 | 000,000,000 | ---D | M] -- E:\logs
[2010/08/04 22:18:49 | 000,000,000 | RH-D | M] -- E:\MSOCache
[2011/08/29 09:35:30 | 000,000,000 | R--D | M] -- E:\Program Files
[2010/06/19 04:31:50 | 000,000,000 | -HSD | M] -- E:\RECYCLER
[2010/06/19 04:12:52 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2011/08/29 13:30:42 | 000,000,000 | ---D | M] -- E:\WINDOWS
[2010/06/19 04:27:15 | 000,000,000 | ---D | M] -- E:\WLANRLTK
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\explorer.exe
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- E:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008/04/14 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- E:\WINDOWS\regedit.exe
[2008/04/14 13:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) MD5=058710B720282CA82B909912D3EF28DB -- E:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- E:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- E:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-26 13:58:32

< End of report >
         

Ich habe den OTL Scan wie beschrieben mehrmals (zwischendurch Neustarts) durchgefuehrt. Bei mir wird keine Extra.txt erstellt. Lediglich die OTL.txt.

GMER.txt findet Ihr im Anhang.
Ich hoffe, Ihr koennt mir helfen und sende beste Gruesse
Claus

Alt 29.08.2011, 14:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________

Alt 29.08.2011, 17:38   #3
zappalou
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Hallo,

vielen Dank fuer die schnelle Antwort und das herzliche Wilkommen :-)

Hier die vorliegenden Berichte/Logs von malwarebytes

1)
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7603

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/29/2011 11:40:28 AM
mbam-log-2011-08-29 (11-40-28).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|M:\|)
Objects scanned: 245235
Time elapsed: 1 hour(s), 1 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
e:\WINDOWS\ashod1.dll (Trojan.Hiloti) -> Delete on reboot.
e:\WINDOWS\owokuqisalut.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wpubomatu (Trojan.Hiloti) -> Value: Wpubomatu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lgetixoretubedi (IPH.Trojan.Hiloti.B) -> Value: Lgetixoretubedi -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
e:\WINDOWS\ashod1.dll (Trojan.Hiloti) -> Delete on reboot.
e:\WINDOWS\owokuqisalut.dll (IPH.Trojan.Hiloti.B) -> Delete on reboot.
e:\documents and settings\Claus\application data\Adobe\plugs\mmc100857281.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP331\A0069146.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP331\A0069147.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP346\A0070660.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP346\A0070661.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP347\A0071001.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\system volume information\_restore{34abb9f1-7aa6-4932-af93-a0dc35785626}\RP347\A0071002.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\WINDOWS\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
e:\documents and settings\Claus\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
e:\documents and settings\Claus\application data\Adobe\plugs\mmc120.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
e:\documents and settings\Claus\application data\Adobe\plugs\mmc33.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
         

2)
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7603

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/29/2011 11:56:14 AM
mbam-log-2011-08-29 (11-56-14).txt

Scan type: Quick scan
Objects scanned: 170831
Time elapsed: 3 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         

3)
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7603

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/29/2011 4:16:30 PM
mbam-log-2011-08-29 (16-16-29).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|I:\|)
Objects scanned: 245172
Time elapsed: 43 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
         
__________________

Alt 29.08.2011, 18:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Zitat:
e:\WINDOWS\Keygen.exe (RiskWare.Tool.CK)


Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.08.2011, 18:50   #5
zappalou
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Hallo Arne,

vielen Dank fuer die offene Antwort.

Auf meinem PC habe ich aber nur legale Software installiert und keine "Keygen" oder aehnliche Sachen. Wie ich oben geschrieben habe, habe ich den PC bei ebay erworben. Vielleicht sind die Sachen noch vom Vorgaenger? (Habe allerdings alle Software komplett deinstalliert - kann da trotzdem noch was "haengenbleiben").

Es waere fuer mich super-wichtig, das System nicht neu aufsetzen zu muessen.

Ueber eine Antwort wuerde ich mich sehr freuen.

Danke mit besten Gruessen
Claus


Alt 29.08.2011, 19:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Zitat:
Vielleicht sind die Sachen noch vom Vorgaenger? (Habe allerdings alle Software komplett deinstalliert - kann da trotzdem noch was "haengenbleiben").
Genau deswegen und auch aus anderen Gründen setzt man den Rechner sauber neu auf, wenn man ihn gebraucht gekauft hat. Liegt sowohl im Interesse des Verkäufers als auch des Käufers.

Der Verkäufer will u.U. nicht, dass private Daten in die Hände des Käufers gelangen. Deswegen sollte der Verkäufer schon dafür Sorge tragen, dass alle privaten/sensiblen Daten vernichtet und auch nicht mit speziellen Wiederherstellungstools sichtbar gemacht werden können. Ganze Festplatten kann man zB mit DBAN überschreiben und somit alle Daten vernichten.

Der Käufer will bestimmt nicht mit einem vermurksten/verseuchten Betriebssystem unterwegs sein, wer weiß welcher Dreck sich da angesammelt hat - deswegen sollte der Käufer das OS neu aufsetzen oder vom Verkäufer neu aufsetzen lassen.

Zitat:
Es waere fuer mich super-wichtig, das System nicht neu aufsetzen zu muessen.
Daten sichern über Live-CD auf externe Platte, dann alles plattemachen und Windows neu installieren.
__________________
--> Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt

Alt 29.08.2011, 19:28   #7
zappalou
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Hallo,

vielen Dank. Ich glaube Du hast mich ueberzeugt.

Dazu noch eine Frage.

Code:
ATTFilter
Daten sichern über Live-CD auf externe Platte, dann alles plattemachen und Windows neu installieren.
         
Meine externe Festplatte zeigt alles in Verknuepfungen an (wie oben beschrieben). Ist der Virus dort nicht oben sondern nur auf meinem System? Oder muss erst die Externe Festplatte "gesaeubert" werden, bevor ich das Backup mache.

Gruss
Claus

Alt 29.08.2011, 19:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Schließ die externe Platte auch im Live-System (Linux) an, dann kannst du von der externen Platte die Verknüpfungen löschen, die eigentlich Ordner mit deinen Daten sind alle noch da.
Die Verknüpfungen sind die Ordnernamen mit einem .lnk dahinter.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.08.2011, 21:26   #9
zappalou
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Ich bin echt verzweifelt...

Habe wie beschrieben gestern nacht und heute den gesamten Tag mein System neu aufgesetzt. Dann habe ich mein Blackberry angeschlossen (zwecks Synchr.) und der Virus ist wieder da... Habe dann in vielen Foren gestoebert und das Problem sogar zeitweise beheben koennen. ( hxxp://en.kioskea.net/faq/8734-files-on-flash-drive-changed-to-shortcuts )

Nach einem Neustart ist alles wie vorher...

Was soll ich tun?

Alt 31.08.2011, 10:57   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Standard

Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt



Welcher "Virus" ist wieder da oder geht es um das Anzeigen der versteckten Ordner? Bitte genauer beschreiben
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt
antivir, avira, bho, datentraeger, download, ebay, excel, excel.exe, explorer, firefox, format, ftp, gebraucht, helper, logfile, microsoft, monitor, mozilla thunderbird, ordner, otl scan, plug-in, problem, realtek, registry, rundll, scan, software, start menu, usb, usb stick, verknuepfungen, version=1.0, vodafone, winlogon.exe




Ähnliche Themen: Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt


  1. Windows 8: Ordner werden als shortcut angezeigt, tlw. auch USB-Sticks
    Log-Analyse und Auswertung - 30.05.2015 (21)
  2. Ordner und Dateien auf externen Laufwerken werden nur als Verknüpfungen angezeigt
    Log-Analyse und Auswertung - 04.10.2014 (19)
  3. Auf USB-Sticks werden nur Verknüpfungen angezeigt! Win7
    Plagegeister aller Art und deren Bekämpfung - 15.06.2014 (11)
  4. Auf USB Sticks werden Ordner+Dateien nur als Verknüpfungen angezeigt
    Log-Analyse und Auswertung - 06.01.2014 (13)
  5. Ordner auf externer Festplatte und USB-Sticks als Verknüpfung angezeigt
    Plagegeister aller Art und deren Bekämpfung - 02.02.2013 (3)
  6. Ordner auf Externen Festplatte werden nur noch als Verknüpfungen angezeigt
    Log-Analyse und Auswertung - 07.10.2012 (3)
  7. Ordner im USB vom Typ Anwendung(Ordner werden als Anwendungen angezeigt)
    Log-Analyse und Auswertung - 30.08.2012 (1)
  8. Trojaner/Virus -zeigt sich durch Ordner auf externen Festplatte die als Verknüpfung angezeigt werden
    Log-Analyse und Auswertung - 28.02.2012 (29)
  9. Virus - Ordner auf externen Datenträgern werden zu Verknüpfungen
    Log-Analyse und Auswertung - 23.02.2012 (7)
  10. Nach Trojaner werden die Ordner auf den externen Festplatten nur noch als Verküpfung angezeigt
    Log-Analyse und Auswertung - 14.01.2012 (9)
  11. Ordner werden auch bei mir nach Virenbefall auf der Externen nur noch als Verknüpfungen angezeigt
    Log-Analyse und Auswertung - 03.12.2011 (4)
  12. Auf externen Datenträgern werden Ordner zu Verknüpfungen
    Log-Analyse und Auswertung - 06.11.2011 (4)
  13. Ordner auf USB-Sticks werden nur als Verknüpfung dargestellt
    Log-Analyse und Auswertung - 19.10.2011 (34)
  14. b71b77f5.exe - Ordner auf externen Speichermedien werden zu Verknüpfungen nach cmd.exe
    Log-Analyse und Auswertung - 18.07.2011 (5)
  15. b71b77f5.exe - Ordner auf externen Speichermedien werden zu Verknüpfungen nach cmd.exe
    Plagegeister aller Art und deren Bekämpfung - 13.07.2011 (1)
  16. Festplatten, USB-Sticks werden nicht angezeigt!
    Alles rund um Windows - 14.04.2010 (2)
  17. Meine Usb Festplatten und Sticks werden als Pendrive angezeigt
    Plagegeister aller Art und deren Bekämpfung - 22.03.2010 (11)

Zum Thema Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt - Hallo, habe das Problem, dass alle Ordner auf externen Datentraegern bei mir als Verknuefungen angezeigt werden. Das Problem ist offentlich bekannt bekomme das Thema aber alleine nicht geloest. Es ist - Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt...
Archiv
Du betrachtest: Ordner auf USB-Sticks und externen HDDs werden als Verknuepfungen angezeigt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.