Data on removable media now only shortcuts that point to *.exe (Windows 7)
26.11.2012, 12:03 | #1
Hello everyone, I have the following problem: my girlfriend apparently caught a nice virus on a trip to South Africa, which of course immediately spread to my system as well: as soon as I connect a removable drive, the files are turned into shortcuts and the "real" folders are hidden. Since I had no time to deal with it, I did nothing at first; now, however, the hidden folders on my external hard drive have disappeared completely and the shortcuts point to "abe1d340.exe". I therefore ran a complete scan with Dr.WebIT. It detected this exe file as Trojan Siggen 2 on all affected removable drives and of course on the computer itself. It also detected a vzaiad.exe as malicious. Unfortunately, Dr.WebIT cannot delete these trojans, so the problem still persists. I would completely format the computer anyway, but there is important data on my external hard drive that I have not stored anywhere else, so I would like to rescue it without infecting any further systems. Thanks in advance for your help. M4rc31
27.11.2012, 11:59 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Quote:
After that, all folders should be displayed again, semi-transparent, since they still carry the attributes "hidden" and "system". Then start the command prompt via Start, All Programs, Accessories. In the command prompt you have to run this command for each hidden folder:
Code:
attrib -s -h "x:\ordner" /s /d
"ordner" must then be the respective correct folder name.
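
The quoted step, applied to every hidden folder in the drive root, together with a read-only listing of where the shortcuts point, as an added PowerShell example that is not part of the thread. The drive letter X:, the script name Inspect-Drive.ps1 and the function names are assumptions; PowerShell is used instead of the command prompt named in the quote so that the shortcut targets can be read without opening them.

```powershell
# Added example, not from the thread. Assumed: drive letter X:, script and function names.
# Run from a PowerShell prompt, e.g.  .\Inspect-Drive.ps1 -Drive 'X:\' -Unhide
param(
    [string]$Drive = 'X:\',
    [switch]$Unhide            # without -Unhide the script only reports
)

# Hidden (2) + System (4): the two attributes the quoted post says the folders carry.
$mask = [int][IO.FileAttributes]::Hidden -bor [int][IO.FileAttributes]::System
# Folders Windows itself keeps hidden+system in a drive root; leave them alone.
$skip = 'System Volume Information', '$RECYCLE.BIN', 'RECYCLER'
# File types that start a program when opened.
$exePattern = '\.(exe|com|scr|pif|bat|cmd)("|\s|$)'

function Get-HiddenRootFolder {
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Force | Where-Object {
        $_.PSIsContainer -and
        (([int]$_.Attributes -band $mask) -eq $mask) -and
        ($skip -notcontains $_.Name)
    }
}

function Get-ShortcutReport {
    param([string]$Root)
    # WScript.Shell parses the .lnk file; nothing is launched and nothing is saved.
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $Root -Force |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.lnk' } |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            $startsProgram = ($lnk.TargetPath -match $exePattern) -or
                             ($lnk.Arguments -match $exePattern)
            New-Object PSObject -Property @{
                Shortcut       = $_.Name
                Target         = $lnk.TargetPath
                Arguments      = $lnk.Arguments
                StartsAProgram = $startsProgram
            }
        }
}

Write-Host 'Shortcuts in the drive root and what they would start:'
Get-ShortcutReport $Drive |
    Format-Table Shortcut, Target, Arguments, StartsAProgram -AutoSize | Out-Host

Write-Host 'Program files in the drive root (hidden ones included):'
Get-ChildItem -LiteralPath $Drive -Force |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match $exePattern } |
    Format-Table Name, Length, Attributes -AutoSize | Out-Host

foreach ($dir in Get-HiddenRootFolder $Drive) {
    if ($Unhide) {
        # Same command as in the quoted post, run once per hidden folder.
        & attrib.exe -s -h $dir.FullName /s /d
        Write-Host "unhidden: $($dir.FullName)"
    } else {
        Write-Host "hidden folder (use -Unhide to clear the attributes): $($dir.FullName)"
    }
}
```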
28.11.2012, 12:37 | #3
Hello cosinus, thank you very much for your answer! I have now done everything you wrote, and it all works perfectly. However, the virus is then still on the hard drive, and I would infect every PC with it as soon as I plug in the HDD? I went through the steps that are supposed to be done when creating a thread. Here are the log files for that. OTL: OTL logfile:
1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CCA81ED-7F38-4219-9B45-50ABBFA4A987}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E031089-1F23-4B30-8BE9-A12514B812C0}" = rport=445 | protocol=6 | dir=out | app=system | "{1AB6F99F-B55A-4EF7-A820-B25020303EC5}" = rport=139 | protocol=6 | dir=out | app=system | "{20071828-4703-40D1-9FA4-A6D2E117BABE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{2659FDA5-DD56-49FF-B58F-9A03C3E4A5A9}" = rport=138 | protocol=17 | dir=out | app=system | "{3A2AAA46-E1F0-4EE4-A578-0B19DBBC2819}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E1B4502-6FA0-463B-9252-0C0D3505987E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{43F50730-C456-4135-98A0-FDED2ACEB48F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{51AE98EF-6B3A-42C5-A016-D8A04BA91E77}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{64D3804C-1094-41C5-8CB6-9AC530782EBC}" = lport=445 | protocol=6 | dir=in | app=system | "{67AE0AF0-9DEC-4E61-89E9-4B8A82298AB2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{75159396-C8B9-426F-8FF0-F010F0FEB800}" = lport=10243 | protocol=6 | dir=in | app=system | "{75A787EC-D187-4480-8B6C-30C722673A3C}" = lport=139 | protocol=6 | dir=in | app=system | "{7D61E6DC-F70A-4643-95B8-4862878337BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{86C0F8B4-B1B9-4528-84E9-7588E596BAB9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9EA49F75-3506-45AF-9B20-56FEF572BCDD}" = 
lport=2869 | protocol=6 | dir=in | app=system | "{AB96E35D-4E80-4B48-B53E-EA3248EA4EF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ADBB765B-542B-4418-A79E-83AB89457C77}" = rport=10243 | protocol=6 | dir=out | app=system | "{B2FC5747-9912-4CBF-8D58-10776E5C586C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BF3A242A-E0DE-47D5-A546-C09D0D41A61F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D4DDA857-9104-434F-9667-3D3622F90992}" = lport=137 | protocol=17 | dir=in | app=system | "{DB1A60ED-4766-4841-A09E-7C65ECF09AD3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DC6FD45C-9E27-49DA-B5BB-E9B7CB279DF2}" = lport=138 | protocol=17 | dir=in | app=system | "{E356F9AE-55EE-4FB0-A3D2-4E8BFCBE31DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EC9914E1-538F-438A-A354-51D5A42B801D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{F3A00202-41C2-4C6D-8975-A021D11937FE}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05669E49-4C38-4F20-8772-BE3F96267D36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0CB681E8-D7F2-4C36-A6E6-6DCE73A3AB16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0E438CD4-6177-4041-BC7D-427C95460D7F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{10A3AAAF-DE10-49A5-9C03-AB9D8ED3B1CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{24EAECE1-D8BA-4970-B353-22234D3FEF39}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{2AADFBFD-5F03-4EEA-8895-5FB93F7BF0E7}" = dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | "{46CB2368-F55A-4A3C-8885-A5A5AEE591BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{60673D87-8578-4825-B971-4945A7A3B55C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{72143582-5766-41C2-9AE5-EFBDA9419D83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7BCF1BAA-B0DD-4718-9668-A32C66DACBC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9404C740-8056-4FF7-8F95-DE6120728CFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{998B6097-B41C-4D0E-ADE3-1A7BA55E3FF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AC1263D2-E9E3-4874-B8C4-C47978F33ABD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AFD2EFE8-627E-443F-BAB9-0FE0E22E8BB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BBDDF7D4-5A5C-4F37-94E4-2CD87B6DD9ED}" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | "{C79F760F-9162-4C2A-AAB5-B28F8AFCD85D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D419DA42-FE29-4355-89F6-97D0BC3CF95B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D489FC88-EF72-4EE0-AFE9-1FE6CECC70C4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E5E6F58F-E0C8-42CB-91A6-493458ECFDFD}" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | "{E84604DF-857F-4F8A-8FFE-5AB654C9008C}" = protocol=6 | dir=out | app=system | "TCP Query User{05943D45-F61D-4614-A509-D62CA01B90F0}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | "TCP Query User{784970EC-4841-46D2-93B0-DE6C800E8C02}C:\program files\dassault 
systemes\b20\intel_a\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe | "TCP Query User{7A2C674B-9314-4530-A64D-DB2699BCF4AE}C:\spiele\blobby volley\volley.exe" = protocol=6 | dir=in | app=c:\spiele\blobby volley\volley.exe | "TCP Query User{AE2842A7-0654-473F-AF05-4E4A7C86A897}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{0410531C-413C-4A7B-B809-FAE5515C83B1}C:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\orbixd.exe | "UDP Query User{49A769DB-8D90-41F8-8D4A-6321551349C4}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{6B32386C-0428-4631-ADCD-3C597AA3C2A2}C:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b20\intel_a\code\bin\cnext.exe | "UDP Query User{CA215497-3730-4F73-989E-07D730954CC0}C:\spiele\blobby volley\volley.exe" = protocol=17 | dir=in | app=c:\spiele\blobby volley\volley.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37 "{2FBC78B6-125F-4E8C-8B18-2D7A3C2FD306}" = QIP 2012 7221 Jeak-Edition "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}" = Dassault Systemes Software Prerequisites x86 "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform 
Language Pack "{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Altair HyperWorks 11.0.0.39 (Local 32-bit)" = Altair HyperWorks 11.0.0.39 (Local 32-bit) "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "Dassault Systemes B20_0" = Dassault Systemes Software B20 "InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 16.0.2 (x86 
de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "QIP 2012 7221 Jeak-Edition 4.0.7221" = QIP 2012 7221 Jeak-Edition "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.3 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.10.2012 13:17:12 | Computer Name = Fujitsu | Source = VSS | ID = 8194 Description = Error - 29.10.2012 13:18:39 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden. Error - 29.10.2012 13:21:31 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Microsoft Windows Search Filter Host" konnte nicht heruntergefahren werden. Error - 29.10.2012 13:21:36 | Computer Name = Fujitsu | Source = Application Error | ID = 1000 Error - 29.10.2012 13:28:09 | Computer Name = Fujitsu | Source = VSS | ID = 8194 Description = Error - 29.10.2012 13:29:21 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows Live Mail" konnte nicht heruntergefahren werden. Error - 29.10.2012 13:29:33 | Computer Name = Fujitsu | Source = Microsoft-Windows-RestartManager | ID = 10006 Description = Die Anwendung oder der Dienst "Windows Search" konnte nicht heruntergefahren werden. Error - 05.11.2012 06:12:58 | Computer Name = Fujitsu | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1318 Startzeit: 01cdbb394941a220 Endzeit: 37 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 5d6ea3ff-2731-11e2-8ba7-e0ca94afd7d9 Error - 07.11.2012 14:34:48 | Computer Name = Fujitsu | Source = Application Hang | ID = 1002 Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 300 Startzeit: 01cdbd1674bd02da Endzeit: 5 Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE Berichts-ID: bdd29e8a-2909-11e2-87eb-e0ca94afd7d9 Error - 10.11.2012 12:40:19 | Computer Name = Fujitsu | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 5bc Startzeit: 01cdbf3736e76fc2 Endzeit: 102 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 4afdac3a-2b55-11e2-ad12-e0ca94afd7d9 Error - 11.11.2012 13:07:58 | Computer Name = Fujitsu | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 16.0.2.4680, Zeitstempel: 0x50882871 Name des fehlerhaften Moduls: xul.dll, Version: 16.0.2.4680, Zeitstempel: 0x508827d6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00130ef7 ID des fehlerhaften Prozesses: 0x1260 Startzeit der fehlerhaften Anwendung: 0x01cdbffb43599fc4 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 56e09248-2c22-11e2-a136-e0ca94afd7d9 Error encountered while reading event logs. 
< End of report > Gmer: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-26 20:41:25 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 Running: f57i6c57.exe; Driver: C:\Users\Admin\AppData\Local\Temp\fwldypod.sys ---- System - GMER 1.0.15 ---- SSDT 935C9386 ZwCreateSection SSDT 935C9390 ZwRequestWaitReplyPort SSDT 935C938B ZwSetContextThread SSDT 935C9395 ZwSetSecurityObject SSDT 935C939A ZwSystemDebugControl SSDT 935C9327 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C86A49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC04D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CC762C 4 Bytes [86, 93, 5C, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CC7988 4 Bytes [90, 93, 5C, 93] {NOP ; XCHG EBX, EAX; POP ESP; XCHG EBX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CC79CC 4 Bytes [8B, 93, 5C, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CC7A48 4 Bytes [95, 93, 5C, 93] {XCHG EBP, EAX; XCHG EBX, EAX; POP ESP; XCHG EBX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CC7A9C 4 Bytes [9A, 93, 5C, 93] .text ... PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AC8D6000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AC8D6123 629 Bytes [15, 8D, AC, FE, 05, 34, 15, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 AC8D6399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F AC8D63FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B AC8D64AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... 
---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e0ca94afd7d9 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e0ca94afd7d9 (not active ControlSet) ---- EOF - GMER 1.0.15 ---- |
28.11.2012, 13:07 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Configure the tool as shown in the image below: click change parameters and set the checkboxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!
__________________ Please always post log files in CODE tags |
28.11.2012, 15:09 | #5 |
| Hello Cosinus, I have installed both programs. There were problems with aswMBR, which is why I switched to the "none" setting. I have attached the files, since it is too long for a normal post. Regards, M4rc31 |
28.11.2012, 15:19 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
|
28.11.2012, 15:52 | #7 |
| Hello, I have run that as well; here is the file: Combofix Logfile: Code:
ATTFilter ComboFix 12-11-28.02 - Admin 28.11.2012 15:30:06.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2997.1903 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ElementSoftwareIdentity.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ElementStatisticalData.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_EnabledLogicalElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_EnabledLogicalElementCapabilities.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ExtentRedundancyComponent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ExtraCapacityGroup.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_FRU.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_FRUIncludesProduct.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_FRUPhysicalElements.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_HostedAccessPoint.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_HostedCollection.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_HostedDependency.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_HostedService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_InstalledSoftwareIdentity.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_IsSpare.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Job.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_LocalizationCapabilities.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Location.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_LogicalDevice.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_LogicalElement.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_LogicalIdentity.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ManagedElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ManagedSystemElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_MemberOfCollection.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_MethodParameters.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_OrderedComponent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_OrderedMemberOfCollection.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_OwningCollectionElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ParametersForMethod.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ParameterValueSources.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_PhysicalElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_PhysicalElementLocation.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_PhysicalStatisticalInformation.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_PhysicalStatistics.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_PowerManagementCapabilities.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_PowerManagementService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Product.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProductComponent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProductFRU.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProductParentChild.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProductPhysicalComponent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProductPhysicalElements.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProductProductDependency.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProductServiceComponent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProductSoftwareComponent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProductSupport.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Profile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProtocolEndpoint.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProvidesEndpoint.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ProvidesServiceToElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Realizes.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_RedundancyComponent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_RedundancyGroup.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_RedundancySet.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_RelatedStatisticalData.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_RelatedStatistics.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_RemotePort.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_RemoteServiceAccessPoint.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ReplaceableProductFRU.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SAPAvailableForElement.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SAPSAPDependency.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SAPStatisticalInformation.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SAPStatistics.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ScopedSetting.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ScopedSettingData.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Service.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceAccessBySAP.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceAccessPoint.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceAccessURI.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceAffectsElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceAvailableToElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceComponent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceSAPDependency.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceServiceDependency.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceStatisticalInformation.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_ServiceStatistics.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Setting.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SettingAssociatedToCapabilities.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SettingContext.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SettingData.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SettingForSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SoftwareIdentity.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Spared.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SpareGroup.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_StatisticalData.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_StatisticalInformation.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_StatisticalSetting.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Statistics.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_StatisticsCollection.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_StorageExtent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_StorageRedundancyGroup.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_StorageRedundancySet.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SupportAccess.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_Synchronized.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_System.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SystemComponent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SystemConfiguration.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SystemDevice.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SystemPackaging.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SystemSetting.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SystemSettingContext.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SystemSpecificCollection.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SystemStatisticalInformation.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\CIM_SystemStatistics.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\Core\comp.bat c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\qualifiers.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\qualifiers_optional.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_AffectedJobElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_AllocatedDMA.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_AllocatedResource.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_AvailableDiagnosticService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_BootConfigSetting.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_BootOSFromFS.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_BootSAP.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_BootService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_BootServiceAccessBySAP.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_BootServiceCapabilities.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_BootSettingData.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_BootSourceSetting.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_Cluster.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ClusteringSAP.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ClusteringService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ClusterServiceAccessBySAP.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ComponentCS.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ComputerSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ComputerSystemDMA.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ComputerSystemIRQ.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ComputerSystemMappedIO.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ComputerSystemNodeCapabilities.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ComputerSystemPackage.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ComputerSystemResource.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_CorrespondingSettingsRecord.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DataFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DeviceAccessedByFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DeviceFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticCompletionRecord.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticRecord.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResult.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResultForMSE.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResultForTest.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResultInPackage.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticServiceCapabilities.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticServiceRecord.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticSetting.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticSettingForTest.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticSettingRecord.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticsLog.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticTest.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticTestForMSE.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticTestInPackage.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_Directory.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DirectoryContainsFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_DMA.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_Export.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_FIFOPipeFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_FileIdentity.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_FileStorage.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_FileSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_FileSystemCapabilities.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_FileSystemSettingData.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_HelpService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_HelpServiceAvailableToFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_HostedBootSAP.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_HostedBootService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_HostedClusterSAP.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_HostedClusterService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_HostedFileSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_HostedJobDestination.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_HostingCS.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_InstalledOS.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_IRQ.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_JobDestination.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_JobDestinationJobs.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_JobSettingData.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_LocalFileSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_Log.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_LogEntry.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_LogicalFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_LogInDataFile.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_LogInDeviceFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_LogInStorage.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_LogManagesRecord.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_LogRecord.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_MemoryMappedIO.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_MemoryResource.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_MessageLog.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_Mount.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_NFS.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_OOBAlertService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_OperatingSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_OperationLog.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_OSProcess.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_OwningJobElement.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ParticipatingCS.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_PortResource.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_Process.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ProcessExecutable.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ProcessOfJob.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ProcessThread.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_RecordAppliesToElement.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_RecordForLog.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_RecordInLog.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_RecordLog.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_RemoteFileSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ResidesOnExtent.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ResourceOfSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_RunningOS.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_ServiceProcess.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_SymbolicLink.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_SystemPartition.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_SystemResource.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_Thread.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_TimeZone.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UnitaryComputerSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UnixDeviceFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UnixDirectory.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UnixFile.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UnixLocalFileSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UnixProcess.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UnixProcessStatisticalInformation.mof 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UnixProcessStatistics.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UnixThread.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UseOfLog.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_UseOfMessageLog.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_VirtualComputerSystem.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\System\CIM_WakeUpService.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\cim_schema\User\CIM_Credential.mof c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\CreateMENamespace.bat c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\AMT_EthernetPortSettings.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\AMT_ProvisioningCertificateHash.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\AMT_Service.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\AMT_SetupAuditRecord.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_ComputerSystem.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_ConcreteDependency.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_ConcreteJob.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_Credential.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_Dependency.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_EnabledLogicalElement.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_Job.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_LogEntry.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_LogicalElement.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_ManagedElement.html 
c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_ManagedSystemElement.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_RecordForLog.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_Schema_inheritance_classes_Diagram.jpg c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_Service.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_SettingData.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\CIM_System.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\cover.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\index.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\indexframe.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\inherit.gif c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\Intel_ME_defined_Classes_Diagram.jpg c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\IntelLogo.bmp c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\key.gif c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\ME_Event.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\ME_System.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\minus.gif c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\OOB_Service.html c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\plus.gif c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\schema.jpg c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_about.jpg c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_lg.jpg c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_loading.jpg c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_m.jpg c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_s.jpg c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\html\VCIcon_tiny.jpg c:\programdata\Fujitsu\DeskUpdate\1042961\MEWMIProv\ME\ME_Schema.mof 
|
28.11.2012, 16:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - detecting toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
28.11.2012, 16:22 | #9 | |
| Hello, attached is the new log file: Quote:
|
28.11.2012, 16:30 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | A check with OTL, please:
__________________ Please always post log files in CODE tags |
28.11.2012, 16:52 | #11 |
| Hello Cosinus, here are the two log files. So far I have run all programs / scans without the external HDD connected. Was that wrong? OTL logfile: Code:
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 20:38:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 20:38:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.21 12:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012.11.24 13:45:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\tult9ajn.default\extensions [2012.11.24 13:45:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\tult9ajn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.28 20:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.10.28 20:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.10.28 20:38:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.28 20:38:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () 
-- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Admin\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Google Update (Enabled) = 
C:\Users\Admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.11.28 15:40:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000..\Run: [Infium] C:\Program Files\jeak.de\QIP 2012 Jeak-Edition\qip.exe (QIP) O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2066243063-1105699576-1169010081-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{185516C8-46DF-471B-B15F-2003CFC09F12}: DhcpNameServer 
= 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27514C3B-0225-4693-A3BC-4675FCE0D094}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.28 15:43:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.28 15:43:04 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.28 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp [2012.11.28 15:27:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.28 15:27:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.28 15:27:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.28 15:27:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.28 15:27:25 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.28 14:44:43 | 002,213,976 | ---- | C] (Kaspersky 
Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe [2012.11.28 13:13:33 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe [2012.11.28 12:17:56 | 000,311,296 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMAD.DLL [2012.11.17 16:50:46 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.17 16:46:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\x-formation [2012.11.17 16:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\x-formation [2012.11.17 16:46:48 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\altair [2012.11.17 16:46:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Altair [2012.11.17 16:44:46 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2012.11.17 16:44:46 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2012.11.17 16:44:11 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2012.11.17 16:44:10 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2012.11.17 16:44:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2012.11.17 16:43:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.17 16:43:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.17 16:43:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.17 16:43:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.17 16:43:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.17 16:43:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.17 16:43:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.17 16:43:10 | 001,427,968 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.16 05:36:49 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll [2012.11.16 05:36:49 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll [2012.11.16 05:36:48 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2012.11.16 05:36:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.16 05:36:35 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.16 05:36:31 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll [2012.11.16 05:36:31 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll [2012.11.13 14:37:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\uni [2012.11.10 12:18:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.11.07 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Peter der Assi [2012.11.02 23:42:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Diagnostics [2012.10.29 21:45:31 | 000,000,000 | ---D | C] -- C:\Swsetup ========== Files - Modified Within 30 Days ========== [2012.11.28 16:05:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2066243063-1105699576-1169010081-1000UA.job [2012.11.28 15:56:42 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 15:56:42 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.28 15:48:59 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\QIPdater 2012.job [2012.11.28 15:48:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.28 15:48:41 | 2356,584,448 | -HS- | M] () -- C:\hiberfil.sys [2012.11.28 15:40:48 | 000,000,027 | ---- | M] () -- 
C:\Windows\System32\drivers\etc\hosts [2012.11.28 15:05:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2066243063-1105699576-1169010081-1000Core.job [2012.11.28 14:44:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe [2012.11.28 14:43:18 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat [2012.11.28 13:14:11 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe [2012.11.26 19:29:52 | 000,000,156 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.11.26 13:02:14 | 000,000,806 | ---- | M] () -- C:\Users\Admin\Desktop\DrWeb.csv [2012.11.25 11:44:01 | 000,003,584 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.17 17:12:33 | 000,305,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.17 16:53:45 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.17 16:53:45 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.17 16:53:45 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.17 16:53:45 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.17 16:51:32 | 000,002,603 | ---- | M] () -- C:\Users\Admin\Documents\command.cmf [2012.11.12 14:00:49 | 000,017,558 | ---- | M] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_10-11-2012_0301.pdf [2012.11.12 12:19:03 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.11.12 12:19:03 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.11.12 11:57:27 | 000,238,928 | ---- | M] () -- C:\Users\Admin\Desktop\fotobuch.jpg [2012.11.10 17:40:38 | 001,001,282 | ---- | M] () -- C:\Users\Admin\Desktop\e3.png [2012.11.10 12:18:08 | 371,964,956 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.11.08 16:57:40 | 000,002,752 | ---- | M] () -- 
C:\Users\Admin\Desktop\porsche-schriftzug_274x21px.jpg [2012.11.08 16:49:07 | 000,028,439 | ---- | M] () -- C:\Users\Admin\Desktop\GT.jpg [2012.11.08 14:39:27 | 000,015,743 | ---- | M] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_13-10-2012_0953-1.pdf [2012.11.03 22:38:09 | 000,034,901 | ---- | M] () -- C:\Users\Admin\Desktop\Konto_502656-Auszug_2012_010.pdf.pdf [2012.11.03 17:57:46 | 000,023,030 | ---- | M] () -- C:\Users\Admin\Desktop\Finanzreport_Nr.09_vom_01.11.2012064305-1.pdf [2012.11.03 12:25:07 | 000,034,620 | ---- | M] () -- C:\Users\Admin\Desktop\Kontoauszug_63218003__Nr.010_vom_01.11.2012_20121103122452.pdf [2012.11.03 12:24:46 | 000,028,545 | ---- | M] () -- C:\Users\Admin\Desktop\Kontoauszug_63218607__Nr.010_vom_01.11.2012_20121103122430.pdf [2012.10.29 23:10:21 | 000,086,924 | ---- | M] () -- C:\Users\Admin\Desktop\81X0gYpIPPL._AA1500_.jpg [2012.10.29 18:18:41 | 000,094,255 | ---- | M] () -- C:\Users\Admin\Desktop\Klettern.jpg ========== Files Created - No Company Name ========== [2012.11.28 15:27:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.28 15:27:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.28 15:27:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.28 15:27:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.28 15:27:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.28 13:25:49 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat [2012.11.26 19:29:51 | 000,000,156 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012.11.25 11:44:01 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.17 16:48:10 | 000,002,603 | ---- | C] () -- C:\Users\Admin\Documents\command.cmf [2012.11.17 16:44:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 16:44:09 | 000,000,003 | ---- | C] () -- 
C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.16 18:30:40 | 000,000,806 | ---- | C] () -- C:\Users\Admin\Desktop\DrWeb.csv [2012.11.12 14:00:49 | 000,017,558 | ---- | C] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_10-11-2012_0301.pdf [2012.11.12 11:57:27 | 000,238,928 | ---- | C] () -- C:\Users\Admin\Desktop\fotobuch.jpg [2012.11.10 17:40:37 | 001,001,282 | ---- | C] () -- C:\Users\Admin\Desktop\e3.png [2012.11.10 12:18:08 | 371,964,956 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.11.08 16:57:40 | 000,002,752 | ---- | C] () -- C:\Users\Admin\Desktop\porsche-schriftzug_274x21px.jpg [2012.11.08 16:49:07 | 000,028,439 | ---- | C] () -- C:\Users\Admin\Desktop\GT.jpg [2012.11.08 14:39:27 | 000,015,743 | ---- | C] () -- C:\Users\Admin\Desktop\PB_KAZ_KtoNr_0726057708_13-10-2012_0953-1.pdf [2012.11.03 22:38:09 | 000,034,901 | ---- | C] () -- C:\Users\Admin\Desktop\Konto_502656-Auszug_2012_010.pdf.pdf [2012.11.03 17:57:46 | 000,023,030 | ---- | C] () -- C:\Users\Admin\Desktop\Finanzreport_Nr.09_vom_01.11.2012064305-1.pdf [2012.11.03 12:25:07 | 000,034,620 | ---- | C] () -- C:\Users\Admin\Desktop\Kontoauszug_63218003__Nr.010_vom_01.11.2012_20121103122452.pdf [2012.11.03 12:24:45 | 000,028,545 | ---- | C] () -- C:\Users\Admin\Desktop\Kontoauszug_63218607__Nr.010_vom_01.11.2012_20121103122430.pdf [2012.10.29 23:10:21 | 000,086,924 | ---- | C] () -- C:\Users\Admin\Desktop\81X0gYpIPPL._AA1500_.jpg [2012.10.29 18:18:41 | 000,094,255 | ---- | C] () -- C:\Users\Admin\Desktop\Klettern.jpg [2012.09.22 19:35:54 | 000,016,975 | ---- | C] () -- C:\Users\Admin\candy.jpg [2012.09.22 14:25:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.09.22 14:05:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.09.21 11:53:42 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2012.01.10 21:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2012.01.10 21:17:04 | 000,105,608 | 
---- | C] () -- C:\Windows\System32\igfcg575m.bin [2012.01.10 21:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2012.01.10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012.01.10 20:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.01.10 20:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.01.10 20:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 28.11.2012 16:38:45 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 63,02% Memory free 5,85 Gb Paging File | 4,56 Gb Available in Paging File | 77,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 157,78 Gb Free Space | 52,93% Space Free | Partition Type: NTFS Computer Name: FUJITSU | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2066243063-1105699576-1169010081-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CCA81ED-7F38-4219-9B45-50ABBFA4A987}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E031089-1F23-4B30-8BE9-A12514B812C0}" = rport=445 | protocol=6 | dir=out | app=system | "{1AB6F99F-B55A-4EF7-A820-B25020303EC5}" = rport=139 | protocol=6 | dir=out | app=system | "{20071828-4703-40D1-9FA4-A6D2E117BABE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{2659FDA5-DD56-49FF-B58F-9A03C3E4A5A9}" = rport=138 | protocol=17 | dir=out | app=system | "{3A2AAA46-E1F0-4EE4-A578-0B19DBBC2819}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E1B4502-6FA0-463B-9252-0C0D3505987E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{43F50730-C456-4135-98A0-FDED2ACEB48F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | 
< End of report > |
28.11.2012, 16:56 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Data on removable media now only shortcuts pointing to *.exe Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Getting a second opinion afterwards from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
30.11.2012, 11:27 | #13 | |
| Data on removable media now only shortcuts pointing to *.exe Hello cosinus, sorry, the scanning took a bit longer: I wanted to let it run overnight, but didn't consider that I should also change the power-saving mode setting accordingly. Here is the result from ESET, it looks like quite a lot: Quote:
|
30.11.2012, 12:23 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Data on removable media now only shortcuts pointing to *.exe Quote:
__________________ Please always post log files in CODE tags |
30.11.2012, 12:40 | #15 |
| Data on removable media now only shortcuts pointing to *.exe Hello cosinus, those are still files from my girlfriend's trip, so they don't actually come from me. If the files possibly don't comply with the board rules, could you please give me advice on the other files? Thanks, regards, M4rc31 |