Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Dateien nur noch als Verknüpfung auf externer FP

Dateien nur noch als Verknüpfung auf externer FP


Log-Analyse und Auswertung: Dateien nur noch als Verknüpfung auf externer FP

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 31.12.2011, 15:53   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Dateien nur noch als Verknüpfung auf externer FP - Standard

Dateien nur noch als Verknüpfung auf externer FP


Lass dir zuerst mal alle Dateien anzeigen => http://www.trojaner-board.de/59624-a...-sichtbar.html
Danach sollte auch alle Ordner wieder angezeigt werden - halbtransparent, da sie noch die Atrribute "versteckt" und "system" tragen

Starte anschließend die Eingabeaufforderung über Start, Alle Programme, Zubehör

Musst in der Eingabeauforderung jeweils für jeden versteckten Ordner diesen Befehl ausführen:

Code:
ATTFilter
attrib -s -h "x:\ordner" /s /d
x: => Muss angepasst werden, den passenden Buchstaben verwenden
"ordner" muss dann der jew. richtige Ordnername sein

Vgl. diesen Strang => http://www.trojaner-board.de/102950-...traeger-2.html


Mach danach ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.01.2012, 12:56   #2
Dennis Drews
 
Dateien nur noch als Verknüpfung auf externer FP - Standard

Dateien nur noch als Verknüpfung auf externer FP


ich hoffe, ich habe deine "code-anleitung" richtig interpretiert....
was ist denn mit dem "extra.txt"? brauchst du den text auch?

greetz

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.01.2012 11:15:53 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Dennis\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 44,85% Memory free
4,22 Gb Paging File | 2,75 Gb Available in Paging File | 65,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 122,59 Gb Total Space | 32,50 Gb Free Space | 26,51% Space Free | Partition Type: NTFS
Drive D: | 26,45 Gb Total Space | 22,72 Gb Free Space | 85,93% Space Free | Partition Type: FAT32
Drive E: | 58,72 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 534,84 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.01 11:11:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2011.12.28 20:03:21 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.28 18:47:14 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.12.28 18:47:14 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.12.28 18:47:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.28 18:47:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.10 17:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 17:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.12.10 17:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.08.02 16:14:02 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.13 10:35:10 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.11.13 10:32:20 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.04.11 07:28:10 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\w3wp.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.30 09:49:50 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe
PRC - [2008.02.18 06:37:48 | 000,032,768 | ---- | M] (Autodesk) -- C:\Programme\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.09.04 11:41:00 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.09.03 17:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.31 10:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 15:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.04.13 17:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.04.13 17:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe
PRC - [2007.02.07 17:23:22 | 001,581,056 | ---- | M] () -- D:\MDESIGN\MDESIGN\TEDATA.exe
PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.06.30 12:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) -- D:\MDESIGN\MDESIGN\lmgrd.exe
PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.28 20:03:21 | 000,849,368 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll
MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.09.04 11:45:54 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.09.04 11:45:24 | 002,560,000 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.09.04 11:37:26 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.09.04 11:37:14 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.09.04 11:37:02 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.09.04 11:37:00 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.09.04 11:36:54 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.09.04 11:36:48 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.09.04 11:36:44 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (sdCoreService)
SRV - File not found [On_Demand | Stopped] --  -- (sdAuxService)
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
SRV - [2011.12.28 18:47:14 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.12.28 18:47:14 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.12.28 18:47:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.28 18:47:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 18:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.12.04 21:41:39 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.13 10:32:20 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.11.13 10:27:56 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.11.07 18:40:19 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.10.02 11:45:18 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.04.11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.10.30 09:49:50 | 000,385,024 | R--- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\AstSrv.exe -- (astcc)
SRV - [2008.02.18 06:37:48 | 000,032,768 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe -- (Autodesk Data Management Job Dispatch)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 08:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007.09.04 11:39:54 | 000,040,960 | ---- | M] (Softex Inc.) [On_Demand | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.08.16 09:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 15:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.04.13 17:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.06.30 12:38:34 | 001,339,392 | ---- | M] (Macrovision Corporation) [Auto | Running] -- D:\MDESIGN\MDESIGN\lmgrd.exe -- (MDESIGN License Manager)
SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.28 18:47:15 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.28 18:47:15 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:30:17 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.04.11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.02.01 10:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2007.12.10 12:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007.12.10 12:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.08.08 07:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.01 09:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2007.05.25 08:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 08:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.30 12:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.02.12 16:55:56 | 000,075,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: D:\TOOLS\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.28 20:03:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.28 20:03:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
[2009.06.24 17:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2012.01.01 10:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions
[2010.07.11 10:28:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.29 17:09:19 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\m12ssry7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.28 15:13:01 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-1.xml
[2011.09.28 20:08:05 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-10.xml
[2011.11.15 15:41:42 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-11.xml
[2011.12.28 20:03:33 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-12.xml
[2009.08.05 20:08:50 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-2.xml
[2009.09.13 14:52:47 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-3.xml
[2009.10.30 20:12:09 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-4.xml
[2011.05.02 18:36:00 | 000,000,961 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-5.xml
[2011.06.25 16:11:36 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-6.xml
[2011.08.17 15:09:53 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-7.xml
[2011.09.01 16:57:18 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-8.xml
[2011.09.09 11:00:27 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin-9.xml
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\icqplugin.xml
[2010.06.21 09:50:56 | 000,003,915 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\m12ssry7.default\searchplugins\sweetim.xml
[2011.11.23 18:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.23 18:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.23 18:29:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.23 18:29:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.15 15:41:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.15 15:41:18 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.15 15:41:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.15 15:41:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.15 15:41:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1225031161 (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1218381716 (Image Uploader Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game13.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 94.31.65.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1BD1AFE-2142-4FF3-B8B0-AE088816908A}: DhcpNameServer = 94.31.65.69
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.08 09:06:11 | 000,000,000 | -H-D | M] - E:\AutoRunSource -- [ CDFS ]
O32 - AutoRun File - [2011.09.08 09:33:19 | 002,520,576 | R--- | M] (Longtion Software Inc.                                                                              ) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.04.14 09:47:44 | 000,095,701 | RH-- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011.09.07 15:32:56 | 000,000,063 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.03.01 11:16:59 | 000,211,164 | RH-- | M] () - E:\autorun.tgt -- [ CDFS ]
O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{a1c1b7d0-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{a1c1b7e4-a67a-11df-badb-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{b9604a30-7bda-11e0-ae86-0016d3c0e817}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff0f1-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff0f4-ab6c-11df-b865-001b77cfb32e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff165-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell - "" = AutoRun
O33 - MountPoints2\{f2dff167-ab6c-11df-b865-0016d3c0e817}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= -  File not found
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\GoogleEULA\EULALauncher.exe ( )
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice -  File not found
SafeBootMin: sdcoreservice -  File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice -  File not found
SafeBootNet: sdcoreservice -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3C4CA55D-C315-C489-36DE-31DB5817CCA9} - Microsoft Windows Media Player 11.0
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5E7C766A-B2D5-42F9-338E-8F172E80EF38} - 
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {734825D4-5ACB-3DA4-FA6A-600DD12F778A} - Adobe Shockwave Director 10.2
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.01 11:11:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2011.12.30 16:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.30 16:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.30 16:39:06 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.28 20:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.28 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Avira
[2011.12.28 14:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.28 14:44:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.28 14:44:42 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.28 14:44:42 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.28 14:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.01 11:11:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2012.01.01 10:51:26 | 000,000,004 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Default.PLS
[2012.01.01 10:50:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.01 10:42:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 10:42:52 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 10:26:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.01 10:24:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.01.01 10:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.01 10:24:33 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.30 16:40:00 | 000,787,020 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.30 16:40:00 | 000,727,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.30 16:40:00 | 000,189,508 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.30 16:40:00 | 000,153,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.30 16:39:10 | 000,000,481 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.30 16:15:34 | 000,125,440 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.28 18:47:15 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.28 18:47:15 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.28 14:45:05 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.12.28 14:29:06 | 000,563,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.28 14:06:21 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\AppleSoftwareUpdate.job
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.30 16:39:10 | 000,000,481 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.28 14:45:05 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.09.10 07:18:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.09.07 13:57:49 | 000,239,076 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011.09.07 13:53:49 | 000,000,941 | ---- | C] () -- C:\Windows\uninst.ini
[2011.04.23 06:58:27 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini
[2010.03.08 18:41:21 | 000,105,199 | ---- | C] () -- C:\Windows\Restart.EXE
[2009.09.25 19:41:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.25 19:41:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.18 07:31:57 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2008.11.05 18:08:13 | 000,003,976 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\wklnhst.dat
[2008.08.30 02:01:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.20 14:39:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.07.19 04:32:16 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2008.06.19 15:45:49 | 000,000,680 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2008.05.12 03:42:50 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.05.12 03:42:50 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.05.12 03:37:59 | 000,125,440 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.29 14:07:52 | 000,000,004 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Default.PLS
[2008.01.23 14:51:32 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.23 13:48:14 | 000,000,094 | ---- | C] () -- C:\Users\Dennis\AppData\Local\fusioncache.dat
[2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.01.02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.01.02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.01.02 16:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.09.19 06:56:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.09.18 19:01:37 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.09.18 19:01:37 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.09.18 08:38:30 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.09.18 08:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2007.09.18 08:16:24 | 000,000,216 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2007.09.12 08:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.12 08:35:40 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.09.12 08:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007.09.12 08:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 16:33:31 | 000,787,020 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,189,508 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,563,912 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,727,290 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,153,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.20 06:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2000.04.18 03:02:00 | 000,000,110 | ---- | C] () -- C:\Windows\System32\EBPPORT.DAT
 
========== LOP Check ==========
 
[2011.08.04 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Autodesk
[2009.10.02 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus
[2010.03.01 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Buhl Data Service
[2008.01.23 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BullGuard
[2010.11.24 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dennis
[2011.08.29 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar
[2011.08.04 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Image Zone Express
[2008.05.10 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MAGIX
[2010.12.07 20:26:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Neuer Ordner
[2010.09.13 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2011.09.10 07:19:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\pdfforge
[2009.01.21 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Printer Info Cache
[2008.04.28 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Sonavis
[2008.11.05 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Template
[2009.12.04 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2008.04.28 01:48:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TVcentral-Core
[2011.08.22 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent
[2009.01.20 06:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\VMedia
[2011.12.31 19:12:31 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.16 18:46:59 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CA5B97C-2E80-401D-B6D3-12ED15CD9318}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.02.23 09:00:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe
[2010.09.15 16:01:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Ahead
[2008.11.19 15:41:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Apple Computer
[2011.08.04 18:41:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Autodesk
[2011.12.28 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Avira
[2008.05.12 03:45:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AVS4YOU
[2009.10.02 09:36:28 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Azureus
[2010.03.01 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Buhl Data Service
[2008.01.23 14:19:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BullGuard
[2008.04.29 14:07:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink
[2010.11.24 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dennis
[2009.04.20 17:50:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX
[2011.06.17 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\dvdcss
[2008.01.23 14:07:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Google
[2011.08.30 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\HP
[2011.08.29 17:48:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ
[2008.02.10 18:05:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ Toolbar
[2008.01.23 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities
[2011.08.04 16:27:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Image Zone Express
[2008.02.10 18:02:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\InstallShield
[2008.01.23 14:10:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia
[2008.05.10 22:26:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MAGIX
[2011.07.31 09:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs
[2011.10.07 11:32:22 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft
[2009.02.23 19:49:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Move Networks
[2009.06.24 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla
[2010.12.07 20:26:27 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Neuer Ordner
[2010.09.13 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org
[2008.05.07 01:26:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PC Tools
[2011.09.10 07:19:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\pdfforge
[2009.01.21 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Printer Info Cache
[2008.11.27 07:07:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\skypePM
[2008.04.28 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Sonavis
[2008.11.05 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Template
[2009.12.04 21:31:44 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2008.04.28 01:48:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TVcentral-Core
[2010.09.13 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\U3
[2011.08.22 08:53:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent
[2011.11.20 19:44:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc
[2009.01.20 06:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\VMedia
[2008.07.02 18:58:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR
[2008.07.12 12:13:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.03.02 18:34:22 | 010,684,866 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
[2011.09.30 19:02:24 | 003,089,056 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Dennis\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.11.07 18:24:42 | 000,010,134 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009.02.06 00:56:14 | 000,097,144 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009.02.23 19:49:09 | 000,034,063 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe
[2009.03.03 12:44:48 | 000,030,160 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe
[2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe
[2009.03.03 12:45:08 | 000,693,712 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe
[2009.03.03 12:45:05 | 001,091,024 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe
[2009.03.03 12:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe
[2009.03.04 08:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe
[2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.14 05:32:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007.07.12 15:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.09.18 11:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.18 11:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2008.01.19 08:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
--- --- ---
__________________
Antwort

Themen zu Dateien nur noch als Verknüpfung auf externer FP
anleitung, dateien, downloader, erstellen, escan, externer, files, found, gepostet, installer, log-file, onlinescan, probleme, sache, schonmal, service, sound, stelle, system, toolbar, verknüpfung, version, volume, worm


« Aus Sicherheitsgründen wurde ihr Windowssystem blockiert ( Windows 7 64bit ) | hrt54is56ijfgte »


Ähnliche Themen: Dateien nur noch als Verknüpfung auf externer FP


  1. USB Dateien als Verknüpfung angezeigt
    Plagegeister aller Art und deren Bekämpfung - 19.01.2015 (41)
  2. PF findet Verknüpfung zu Office Dateien nicht mehr
    Alles rund um Windows - 22.12.2014 (3)
  3. Win7: Dateien von USB Stick werden als Verknüpfung angezeigt
    Log-Analyse und Auswertung - 07.03.2014 (7)
  4. Eigene Dateien nur noch als Verknüpfung da, und "zugriff verweigert"
    Plagegeister aller Art und deren Bekämpfung - 15.12.2013 (7)
  5. Dateien auf externer Festplatte werden nur noch als Verknüpfungen angezeigt
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (17)
  6. Ordner auf externer Festplatte und USB-Sticks als Verknüpfung angezeigt
    Plagegeister aller Art und deren Bekämpfung - 02.02.2013 (3)
  7. Dateien auf extern. Festplatten werden als Verknüpfung angezeitgt
    Log-Analyse und Auswertung - 25.11.2012 (4)
  8. Dateien nach Virus nur noch als Verknüpfung -nicht mehr zu öffnen
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (15)
  9. Ordner auf Speicherkarte nur noch Verknüpfung
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (41)
  10. 2. Fall - Ordner auf USB-Stick werden nur noch als Verknüpfung angezeigt
    Plagegeister aller Art und deren Bekämpfung - 02.12.2011 (1)
  11. recycler, Ordner auf externer Platte als verknüpfung, mit verweiss auf datei in recycler
    Log-Analyse und Auswertung - 21.11.2011 (42)
  12. Dateien nur noch als Verknüpfung! Hilfe wichtige externe Festplatte!
    Log-Analyse und Auswertung - 01.11.2011 (1)
  13. Ordner auf USB-Stick werden nur noch als Verknüpfung angezeigt
    Plagegeister aller Art und deren Bekämpfung - 01.11.2011 (5)
  14. SD Karten-Ordner nur noch als Verknüpfung und mehr!!
    Plagegeister aller Art und deren Bekämpfung - 26.10.2011 (1)
  15. Ordner auf SD bzw. CF Card werden nur noch als Verknüpfung dargestellt.
    Log-Analyse und Auswertung - 22.10.2011 (19)
  16. Ordner auf externer Festplatte als Verknüpfung angezeigt
    Plagegeister aller Art und deren Bekämpfung - 09.05.2011 (3)
  17. Dateien und Ordner auf externer Festplatte nur noch Shortcuts (zu piwutx.exe)
    Plagegeister aller Art und deren Bekämpfung - 26.04.2011 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Dateien nur noch als Verknüpfung auf externer FP - Lass dir zuerst mal alle Dateien anzeigen => http://www.trojaner-board.de/59624-a...-sichtbar.html Danach sollte auch alle Ordner wieder angezeigt werden - halbtransparent, da sie noch die Atrribute "versteckt" und "system" tragen Starte anschließend - Dateien nur noch als Verknüpfung auf externer FP...
Archiv
Du betrachtest: Dateien nur noch als Verknüpfung auf externer FP auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19