Hallo,
ich habe mir den Bundespolizei Trojaner eingefangen, der mir im Moment ein wenig zu schaffen macht. Dabei werde ich aufgefordert 100 Euro per Ucash zu überweisen um mein System wieder nutzen zu können. Ich benutze ein windows 7 64 bit System, falls das irgendwie nützlich ist.

http://www.trojaner-board.de/103221-...-trojaner.html
Darunter habe ich mal nachgesehen und bin der Anleitung von cosinus gefolgt. Srep habe ich mir runtergeladen und dann im abgesicherten Modus laufen lassen, allerdings wird mir da ausgegeben das keine shell Datei gefunden wurde.

Wäre schön wenn jemand mir einen Tip geben kann was zu tun ist und wie ich diesen Trojaner wieder loswerden kann.
Vielen Dank schonmal,
reiskeks

Das kam bei srep raus:

WIN_7 X64 Service Pack 1
Running from F:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.


[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
explorer.exe
WmiPrvSE.exe
srep.exe


HKLM\..\Run [IAStorIcon] = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\..\Run [TOSDCR] = %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
HKLM\..\Run [TWebCamera] = "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\..\Run [ITSecMng] = %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM\..\Run [TRCMan] = C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
HKLM\..\Run [TUSBSleepChargeSrv] = %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [Adobe Reader Speed Launcher] = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\..\Run [Adobe ARM] = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\..\Run [FreePDF Assistant] = "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"

HKCU\..\Run [TOSHIBA Online Product Information] = C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
HKCU\..\Run [swg] = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKCU\..\Run [ICQ] = "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4
HKCU\..\Run [Steam] = "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKCU\..\Run [Userinit] = C:\Users\Julia\AppData\Roaming\appconf32.exe
HKCU\..\Run [avupdate] = C:\Users\Julia\AppData\Roaming\mahmud.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-3903552563-2509207045-3370339665-1003\..\Winlogon; Shell =
HKU\S-1-5-21-3903552563-2509207045-3370339665-1003_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\.DEFAULT\..\Run [TOSHIBA Online Product Information] = C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3903552563-2509207045-3370339665-1003\..\Run [TOSHIBA Online Product Information] = C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe
HKU\S-1-5-21-3903552563-2509207045-3370339665-1003\..\Run [swg] = "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3903552563-2509207045-3370339665-1003\..\Run [ICQ] = "C:\Program Files (x86)\ICQ7.6\ICQ.exe" silent loginmode=4
HKU\S-1-5-21-3903552563-2509207045-3370339665-1003\..\Run [Steam] = "C:\Program Files (x86)\Steam\Steam.exe" -silent
HKU\S-1-5-21-3903552563-2509207045-3370339665-1003\..\Run [Userinit] = C:\Users\Julia\AppData\Roaming\appconf32.exe
HKU\S-1-5-21-3903552563-2509207045-3370339665-1003\..\Run [avupdate] = C:\Users\Julia\AppData\Roaming\mahmud.exe
HKU\S-1-5-18\..\Run [TOSHIBA Online Product Information] = C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe


x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2871808- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell =

==== FINISH 21.11-14.57 ====

wenn dein pc im abges.modus läuft mal folgendes:
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

• Doppelklick auf die
  OTL.exe
  
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal
  Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan
  links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

Hallo,
vielen Dank für die schnelle Hilfe. Also OTL hat bei mir diese Dateien erstellt:

desktop.ini

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Microsoft Office - 60 Day Trial.lnk=@C:\PROGRA~2\MICROS~3\mui\oaa.dll,-103

noch eine desktop.ini

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

und dann noch der OTL log:OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 21.11.2011 16:46:21 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Julia\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,86 Gb Total Physical Memory | 4,74 Gb Available Physical Memory | 80,94% Memory free
11,72 Gb Paging File | 10,61 Gb Available in Paging File | 90,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,02 Gb Total Space | 373,40 Gb Free Space | 81,88% Space Free | Partition Type: NTFS
Drive D: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JULIA-TOSH | User Name: Julia | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Julia\Downloads\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WTGService) -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (hidshim) -- C:\Windows\SysNative\drivers\hidshim.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (nuvotonhidcir) -- C:\Windows\SysNative\drivers\nuvotonhidcir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (nuvotonir) -- C:\Windows\SysNative\drivers\nuvotonir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.10 08:33:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.31 08:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.08.20 20:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\Extensions
[2011.10.26 10:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\Firefox\Profiles\lciwqmrq.default\extensions
[2011.10.26 10:03:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Julia\AppData\Roaming\mozilla\Firefox\Profiles\lciwqmrq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.09.07 20:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.09.07 20:52:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011.04.10 08:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011.04.10 08:33:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.01.01 09:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.11.18 09:38:46 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TOSDCR] C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe ()
O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [avupdate] C:\Users\Julia\AppData\Roaming\mahmud.exe (Agnitum Ltd.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKCU..\Run: [Userinit] C:\Users\Julia\AppData\Roaming\appconf32.exe ()
O4 - Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53865356-8237-4773-BE1D-AE315541FA4C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE839AC9-1696-421B-8CB8-0306FF84F398}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7ad16bf5-9684-11de-848c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7ad16bf5-9684-11de-848c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.10.06 16:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.21 09:20:30 | 000,189,952 | ---- | C] (Agnitum Ltd.) -- C:\Users\Julia\AppData\Roaming\mahmud.exe
[2011.11.18 20:38:44 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\dvdcss
[2011.11.18 19:22:20 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\xmldm
[2011.11.18 19:21:49 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\kock
[2011.11.18 08:44:27 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\FileZilla
[2011.11.18 08:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.11.18 08:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011.11.17 14:28:57 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Avira
[2011.11.16 08:23:51 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\LyX2.0
[2011.11.15 18:19:12 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\Skyrim
[2011.11.15 18:18:54 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2011.11.15 18:18:54 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2011.11.15 18:18:54 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2011.11.15 18:18:54 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2011.11.15 18:18:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2011.11.15 18:18:52 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2011.11.15 18:18:50 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2011.11.15 18:18:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2011.11.15 18:18:49 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2011.11.15 18:18:49 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_5.dll
[2011.11.15 18:18:47 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2011.11.15 18:18:47 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_42.dll
[2011.11.15 18:18:47 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2011.11.15 18:18:47 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2011.11.15 18:18:46 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2011.11.15 18:18:46 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2011.11.15 18:18:46 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2011.11.15 18:18:46 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2011.11.15 18:18:45 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2011.11.15 18:18:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2011.11.15 18:18:45 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_42.dll
[2011.11.15 18:18:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_42.dll
[2011.11.15 18:18:44 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2011.11.15 18:18:44 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_41.dll
[2011.11.15 18:18:44 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2011.11.15 18:18:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_41.dll
[2011.11.15 18:18:43 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2011.11.15 18:18:43 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_41.dll
[2011.11.15 18:18:42 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2011.11.15 18:18:42 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2011.11.15 18:18:42 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2011.11.15 18:18:42 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2011.11.15 18:18:42 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2011.11.15 18:18:42 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2011.11.15 18:18:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2011.11.15 18:18:42 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2011.11.15 18:18:42 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2011.11.15 18:18:42 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_3.dll
[2011.11.15 18:18:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2011.11.15 18:18:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2011.11.15 18:18:41 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2011.11.15 18:18:41 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2011.11.15 18:18:40 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2011.11.15 18:18:40 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2011.11.15 18:18:40 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2011.11.15 18:18:40 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2011.11.15 18:18:40 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2011.11.15 18:18:40 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2011.11.15 18:18:39 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2011.11.15 18:18:39 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2011.11.15 18:18:38 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2011.11.15 18:18:38 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2011.11.15 18:18:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2011.11.15 18:18:38 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2011.11.15 18:18:38 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2011.11.15 18:18:38 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2011.11.15 18:18:37 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2011.11.15 18:18:37 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2011.11.15 18:18:37 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2011.11.15 18:18:36 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_1.dll
[2011.11.15 18:18:36 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_1.dll
[2011.11.15 18:18:36 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_0.dll
[2011.11.15 18:18:36 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_0.dll
[2011.11.15 18:18:35 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_38.dll
[2011.11.15 18:18:35 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_38.dll
[2011.11.15 18:18:35 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_38.dll
[2011.11.15 18:18:35 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_38.dll
[2011.11.15 18:18:35 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_38.dll
[2011.11.15 18:18:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_38.dll
[2011.11.15 18:18:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_1.dll
[2011.11.15 18:18:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_1.dll
[2011.11.15 18:18:35 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_4.dll
[2011.11.15 18:18:35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2011.11.15 18:18:34 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_0.dll
[2011.11.15 18:18:34 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_0.dll
[2011.11.15 18:18:34 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_0.dll
[2011.11.15 18:18:34 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_0.dll
[2011.11.15 18:18:34 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_3.dll
[2011.11.15 18:18:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_3.dll
[2011.11.15 18:18:33 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_37.dll
[2011.11.15 18:18:33 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_37.dll
[2011.11.15 18:18:33 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_37.dll
[2011.11.15 18:18:33 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_37.dll
[2011.11.15 18:18:33 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_37.dll
[2011.11.15 18:18:33 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_37.dll
[2011.11.15 18:18:32 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2011.11.15 18:18:32 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2011.11.15 18:18:31 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2011.11.15 18:18:31 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2011.11.15 18:18:31 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2011.11.15 18:18:31 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2011.11.15 18:18:28 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2011.11.15 18:18:28 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2011.11.15 18:18:27 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2011.11.15 18:18:27 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2011.11.15 18:18:25 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2011.11.15 18:18:25 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2011.11.15 18:18:25 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2011.11.15 18:18:25 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2011.11.15 18:18:23 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2011.11.15 18:18:23 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2011.11.15 18:18:23 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2011.11.15 18:18:23 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2011.11.15 18:18:23 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2011.11.15 18:18:23 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2011.11.15 18:18:20 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2011.11.15 18:18:20 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2011.11.15 18:18:20 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2011.11.15 18:18:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2011.11.15 18:18:19 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2011.11.15 18:18:19 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2011.11.15 18:18:18 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2011.11.15 18:18:18 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2011.11.15 18:18:17 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2011.11.15 18:18:17 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2011.11.15 18:18:16 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2011.11.15 18:18:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2011.11.15 18:18:16 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2011.11.15 18:18:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2011.11.15 18:18:13 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2011.11.15 18:18:13 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2011.11.15 18:18:12 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2011.11.15 18:18:12 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2011.11.15 18:18:12 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2011.11.15 18:18:12 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2011.11.15 18:18:11 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2011.11.15 18:18:11 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2011.11.15 18:18:09 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2011.11.15 18:18:09 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2011.11.15 18:18:09 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2011.11.15 18:18:09 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2011.11.15 18:18:07 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2011.11.15 18:18:07 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2011.11.15 18:18:07 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2011.11.15 18:18:07 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2011.11.15 18:18:06 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2011.11.15 18:18:06 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2011.11.15 18:18:05 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2011.11.15 18:18:05 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2011.11.15 18:18:05 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2011.11.15 18:18:05 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2011.11.15 18:18:04 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2011.11.15 18:18:04 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2011.11.15 18:17:55 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2011.11.15 18:17:55 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2011.11.15 18:17:54 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2011.11.15 18:17:54 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2011.11.15 18:17:54 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2011.11.15 18:17:54 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2011.11.15 18:17:52 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2011.11.15 18:17:52 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2011.11.15 18:17:50 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2011.11.15 18:17:50 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2011.11.15 18:17:48 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2011.11.15 18:17:48 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2011.11.15 18:17:45 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2011.11.15 18:17:45 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2011.11.15 18:17:42 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2011.11.15 18:17:42 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2011.11.15 18:17:39 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2011.11.15 18:17:39 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2011.11.15 18:16:59 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\My Games
[2011.11.14 08:25:00 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\Audible
[2011.11.14 08:23:50 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc71.dll
[2011.11.14 08:23:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3a.dll
[2011.11.14 08:23:13 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\Audible
[2011.11.14 08:23:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2011.11.10 13:14:52 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\MiKTeX
[2011.11.10 13:14:42 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\MiKTeX
[2011.11.10 13:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2011.11.10 13:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2011.11.10 13:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX 2.9
[2011.11.10 13:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyX20
[2011.11.07 18:31:23 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\Exercise1
[2011.11.07 18:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2011.11.07 18:27:49 | 000,588,144 | ---- | C] (Juniper Networks) -- C:\windows\SysNative\dsNcSmartCardProv.dll
[2011.11.07 18:27:49 | 000,419,696 | ---- | C] (Juniper Networks) -- C:\windows\SysNative\dsNcCredProv.dll
[2011.11.07 18:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks
[2011.11.07 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Juniper Networks
[2011.11.06 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Template
[2011.11.02 21:30:58 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\Portal 2
[2011.10.31 07:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011.10.31 07:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011.10.25 16:12:04 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\MIPExercise1
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.21 16:42:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.11.21 16:42:32 | 423,956,479 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.21 16:41:45 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.21 16:41:45 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.21 16:39:34 | 001,527,504 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011.11.21 16:39:34 | 000,664,800 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011.11.21 16:39:34 | 000,624,942 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011.11.21 16:39:34 | 000,134,936 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011.11.21 16:39:34 | 000,110,580 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011.11.21 16:34:48 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.21 14:19:52 | 000,754,674 | ---- | M] () -- C:\Users\Julia\Desktop\srep.exe
[2011.11.21 09:20:30 | 000,189,952 | ---- | M] (Agnitum Ltd.) -- C:\Users\Julia\AppData\Roaming\mahmud.exe
[2011.11.21 08:58:14 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.18 09:11:12 | 183,491,004 | ---- | M] () -- C:\Users\Julia\Desktop\The.Big.Bang.Theory.S05E10.HDTV.XviD-ASAP.avi
[2011.11.17 21:22:53 | 367,003,218 | ---- | M] () -- C:\Users\Julia\Desktop\house.804.hdtv-lol.avi
[2011.11.17 20:45:33 | 366,565,246 | ---- | M] () -- C:\Users\Julia\Desktop\house.803.hdtv-lol.avi
[2011.11.17 15:27:16 | 366,396,854 | ---- | M] () -- C:\Users\Julia\Desktop\house.802.hdtv-lol.avi
[2011.11.17 14:14:11 | 366,421,872 | ---- | M] () -- C:\Users\Julia\Desktop\House.S08E01.HDTV.XviD-LOL.avi
[2011.11.14 20:05:44 | 000,025,323 | ---- | M] () -- C:\Users\Julia\Desktop\Biophysikalisches Praktikum Tabelle Timmermeyer Esser.pdf
[2011.11.14 20:04:01 | 001,205,956 | ---- | M] () -- C:\Users\Julia\Desktop\Biophysikalisches Praktikum Timmermeyer Esser.pdf
[2011.11.10 13:25:37 | 000,114,251 | ---- | M] () -- C:\Users\Julia\Documents\Bullshit.pdf
[2011.11.09 21:16:43 | 000,859,653 | ---- | M] () -- C:\Users\Julia\Desktop\FLT_EYQUM112473_0.pdf
[2011.11.09 11:22:41 | 000,408,216 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011.11.06 17:54:26 | 000,000,278 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\wklnhst.dat
[2011.11.04 20:43:17 | 000,002,010 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2011.10.31 07:20:22 | 000,002,202 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.21 14:19:50 | 000,754,674 | ---- | C] () -- C:\Users\Julia\Desktop\srep.exe
[2011.11.18 08:55:56 | 183,491,004 | ---- | C] () -- C:\Users\Julia\Desktop\The.Big.Bang.Theory.S05E10.HDTV.XviD-ASAP.avi
[2011.11.17 20:52:09 | 367,003,218 | ---- | C] () -- C:\Users\Julia\Desktop\house.804.hdtv-lol.avi
[2011.11.17 20:16:38 | 366,565,246 | ---- | C] () -- C:\Users\Julia\Desktop\house.803.hdtv-lol.avi
[2011.11.17 14:28:08 | 366,396,854 | ---- | C] () -- C:\Users\Julia\Desktop\house.802.hdtv-lol.avi
[2011.11.17 13:09:52 | 366,421,872 | ---- | C] () -- C:\Users\Julia\Desktop\House.S08E01.HDTV.XviD-LOL.avi
[2011.11.14 20:05:44 | 000,025,323 | ---- | C] () -- C:\Users\Julia\Desktop\Biophysikalisches Praktikum Tabelle Timmermeyer Esser.pdf
[2011.11.14 20:04:00 | 001,205,956 | ---- | C] () -- C:\Users\Julia\Desktop\Biophysikalisches Praktikum Timmermeyer Esser.pdf
[2011.11.10 13:25:35 | 000,114,251 | ---- | C] () -- C:\Users\Julia\Documents\Bullshit.pdf
[2011.11.10 13:14:42 | 000,001,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LyX 2.0.lnk
[2011.11.09 21:16:43 | 000,859,653 | ---- | C] () -- C:\Users\Julia\Desktop\FLT_EYQUM112473_0.pdf
[2011.11.06 17:53:29 | 000,000,278 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\wklnhst.dat
[2011.10.31 07:20:22 | 000,002,202 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011.08.20 20:58:55 | 000,000,093 | ---- | C] () -- C:\Users\Julia\AppData\Local\fusioncache.dat
[2011.04.17 18:58:06 | 001,554,122 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.04.17 18:10:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.18 12:40:28 | 000,180,224 | ---- | C] () -- C:\windows\SysWow64\hpputoar.dll
[2009.09.01 08:04:50 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009.08.02 23:21:54 | 000,197,912 | ---- | C] () -- C:\windows\SysWow64\physxcudart_20.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008.12.09 16:23:13 | 000,054,048 | RHS- | C] () -- C:\Users\Julia\AppData\Roaming\appconf32.exe
[2008.02.07 09:05:18 | 000,163,840 | ---- | C] () -- C:\windows\SysWow64\hppatusg01.dll

< End of report >
         

--- --- ---

hiho
achtung!
dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4 - HKCU..\Run: [Userinit] C:\Users\Julia\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\Run: [avupdate] C:\Users\Julia\AppData\Roaming\mahmud.exe (Agnitum Ltd.)

:Files
C:\Users\Julia\AppData\Roaming\appconf32.exe
C:\Users\Julia\AppData\Roaming\mahmud.exe
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
der start in den normalen modus sollte klappen
öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

Hallo,
so zip Archiv habe ich hochgeladen und hier nun die Textdatei von OTL:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully.
C:\Users\Julia\AppData\Roaming\appconf32.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
C:\Users\Julia\AppData\Roaming\mahmud.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Julia\AppData\Roaming\appconf32.exe not found.
File\Folder C:\Users\Julia\AppData\Roaming\mahmud.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Helmut
->Flash cache emptied: 42077 bytes

User: Julia
->Flash cache emptied: 56984 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Helmut
->Temp folder emptied: 111096536 bytes
->Temporary Internet Files folder emptied: 109561069 bytes
->FireFox cache emptied: 71355053 bytes
->Flash cache emptied: 0 bytes

User: Julia
->Temp folder emptied: 117634039 bytes
->Temporary Internet Files folder emptied: 11340312 bytes
->Java cache emptied: 6451531 bytes
->FireFox cache emptied: 60481971 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96736489 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 1597058168 bytes

Total Files Cleaned = 2.081,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11212011_173937

Files\Folders moved on Reboot...
C:\Users\Julia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

hi
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Hallo,
dann noch einmal der ComboFix Log:
Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-11-21.01 - Julia 21.11.2011  18:13:59.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6000.4243 [GMT 1:00]
ausgeführt von:: c:\users\Julia\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-21 bis 2011-11-21  ))))))))))))))))))))))))))))))
.
.
2011-11-21 17:21 . 2011-11-21 17:21	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0A4074D-629A-45AF-ADD5-97B6596A8555}\offreg.dll
2011-11-21 17:20 . 2011-11-21 17:20	--------	d-----w-	c:\users\Helmut\AppData\Local\temp
2011-11-21 17:20 . 2011-11-21 17:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-21 16:39 . 2011-11-21 16:54	--------	d-----w-	C:\_OTL
2011-11-21 15:49 . 2011-11-21 15:49	--------	d-----w-	c:\users\Julia\AppData\Local\ElevatedDiagnostics
2011-11-18 19:38 . 2011-11-18 19:38	--------	d-----w-	c:\users\Julia\AppData\Roaming\dvdcss
2011-11-18 18:22 . 2011-11-18 18:22	--------	d-----w-	c:\users\Julia\AppData\Roaming\xmldm
2011-11-18 18:21 . 2011-11-18 18:21	--------	d-----w-	c:\users\Julia\AppData\Roaming\kock
2011-11-18 07:44 . 2011-11-18 07:50	--------	d-----w-	c:\users\Julia\AppData\Roaming\FileZilla
2011-11-18 07:44 . 2011-11-18 07:44	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2011-11-18 07:23 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0A4074D-629A-45AF-ADD5-97B6596A8555}\mpengine.dll
2011-11-17 13:28 . 2011-11-17 13:28	--------	d-----w-	c:\users\Julia\AppData\Roaming\Avira
2011-11-16 07:23 . 2011-11-16 07:24	--------	d-----w-	c:\users\Julia\AppData\Roaming\LyX2.0
2011-11-15 17:19 . 2011-11-15 17:19	--------	d-----w-	c:\users\Julia\AppData\Local\Skyrim
2011-11-14 07:25 . 2011-11-14 07:25	--------	d-----w-	c:\users\Julia\AppData\Local\Audible
2011-11-14 07:23 . 2003-03-18 20:20	1060864	------w-	c:\windows\SysWow64\mfc71.dll
2011-11-14 07:23 . 2003-03-18 19:14	499712	------w-	c:\windows\SysWow64\msvcp71.dll
2011-11-14 07:23 . 2003-02-21 03:42	348160	------w-	c:\windows\SysWow64\msvcr71.dll
2011-11-14 07:23 . 2001-08-17 21:43	24576	------w-	c:\windows\SysWow64\msxml3a.dll
2011-11-10 12:14 . 2011-11-10 12:14	--------	d-----w-	c:\users\Julia\AppData\Roaming\MiKTeX
2011-11-10 12:14 . 2011-11-10 12:14	--------	d-----w-	c:\users\Julia\AppData\Local\MiKTeX
2011-11-10 12:13 . 2011-11-10 12:13	--------	d-----w-	c:\programdata\MiKTeX
2011-11-10 12:11 . 2011-11-10 12:12	--------	d-----w-	c:\program files (x86)\MiKTeX 2.9
2011-11-10 12:06 . 2011-11-10 12:07	--------	d-----w-	c:\program files (x86)\LyX20
2011-11-09 06:17 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 06:17 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 06:17 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 06:17 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-07 17:27 . 2011-11-07 17:27	--------	d-----w-	c:\users\Public\Juniper Networks
2011-11-07 17:27 . 2011-04-12 20:41	588144	----a-w-	c:\windows\system32\dsNcSmartCardProv.dll
2011-11-07 17:27 . 2011-04-12 20:41	419696	----a-w-	c:\windows\system32\dsNcCredProv.dll
2011-11-07 17:26 . 2011-11-07 17:27	--------	d-----w-	c:\program files (x86)\Juniper Networks
2011-11-07 17:26 . 2011-11-07 17:27	--------	d-----w-	c:\users\Julia\AppData\Roaming\Juniper Networks
2011-11-06 16:53 . 2011-11-06 16:53	--------	d-----w-	c:\users\Julia\AppData\Roaming\Template
2011-10-26 07:25 . 2011-08-13 05:27	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-26 07:25 . 2011-08-13 04:18	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-01 03:25 . 2011-10-13 12:35	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 12:35	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-09-22 11:14 . 2011-09-22 11:14	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-27 05:37 . 2011-10-13 12:35	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 12:35	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 12:35	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 12:35	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-08-24 20:17 . 2011-08-24 20:17	21832	----a-w-	c:\windows\system32\drivers\hamachi.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\TOPI.exe" [2009-08-12 6203296]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-05 39408]
"ICQ"="c:\program files (x86)\ICQ7.6\ICQ.exe" [2011-10-10 127040]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-10-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-11-5 2717024]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-15 136360]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\wtgservice.exe [2011-04-17 330696]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [x]
S3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:35]
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-10 07:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-13 16414824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8312352]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\lciwqmrq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-(Standard) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-21  18:28:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-21 17:28
.
Vor Suchlauf: 10 Verzeichnis(se), 402.760.744.960 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 402.257.760.256 Bytes frei
.
- - End Of File - - 91D25B9BE3D7A8A55A4618D0D027ADC9
         

--- --- ---

hi,
nutzt du das system für onlinebanking einkäufe oder sonst was wichtiges wie zb berufliches?

Hallo,
ja Onlinebanking läuft darüber und onlineeinkäufe aber nichts berufliches.

hi, du hast den sogenannten trojan.banker
bitte lasse umgehend dein onlinebanking sperren, notfall nummer:
116 116
wie der name schon sagt, stiehlt dieser banking daten, kann aber noch anderes zeug einsammeln.
eine bereinigung ist leider nicht 100 %ig sicher, dies wäre aber, da du onlinebanking machst, nötig.
ich würde daher vorschlagen, dass du wichtige daten, wie bilder musik dokumente, sicherst.
deaktiviere autorun:
Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de
dann sichere auf externe datenträger.
dann formatieren wir das system, wie das geht erkläre ich dir gern.
danach zeige ich dir, wie man das system vernünftig absichert und sag noch was zum sicheren onlinebanking, dann müssen alle passwörter geendert werden

Hallo,
vielen Dank, online banking habe ich gerade eben sperren lassen und alle wichtigen Daten soweit auf eine externe Festplatte gezogen. Glaub da bin ich ne wenig zu blauäugig drangegangen. Bräuchte dann auch Hilfe zum formatieren der Festplatte.

macht ja nichts, so lange man was draus lernt.
hast du ne windows cd, recovery cd oder ne recovery funktion des laptops bzw pcs, falls letzteres benötige ich den hersteller und gerätetypen.

leider nur die automatische systemwiederherstellung von windows, ich benutze den laptop erst ein paar monate, reicht es wenn ich einfach den frühesten wiederherstellungspunkt nehme?

nein das reicht nicht.
na du musst doch was zu dem gerät dazu bekommen haben, bzw wie heißt das gerät

das ist ein Toshiba Qosmio F60, beim Gerät selber war ncihts dabei