
Log analysis and evaluation: Bundespolizei-Trojaner


23.08.2012, 13:00   #1
xtallix
 

Bundespolizei-Trojaner



Hello,

I have caught the well-known Bundespolizei-Trojaner, with which simply nothing works any more.
In Safe Mode my laptop then ran completely normally and I performed a System Restore. After that I could boot the laptop normally again. Everything works, nothing is conspicuous. AntiVir and Malwarebytes have not found anything either.
But since I have no idea about this at all, I am turning to you so that someone can take a look at it.

How should I proceed now to be sure that it is really gone?


Kind regards,
Talisha

Quote:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xxxxxxx :: xxxxxxxxxxx [Administrator]

Schutz: Aktiviert

23.08.2012 14:01:54
mbam-log-2012-08-23 (14-01-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215714
Laufzeit: 2 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Last edited by xtallix (23.08.2012 at 13:05)

24.08.2012, 02:28   #2
t'john
/// Helper Team
 





Custom scan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already present, replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.

  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box Scan all users at the top centre
  • Now copy the complete contents of the code box below into OTL's text box; if OTL is in German, it is labelled 

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
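Once the OTL.txt is posted, the helper reads it for a handful of things. As an added example (not from the thread and not part of OTL), the Python script below triages OTL lines for Internet Explorer and Firefox proxy settings, hosts-file redirects and orphaned Run entries, distinguishing an active proxy from a stale one that is configured but switched off. The sample lines are constructed in OTL's line format with RFC 5737 addresses and made-up hostnames; the severity labels are this example's own, not OTL's.

```python
import re
from typing import Dict, List

# Constructed sample in the line format OTL writes (not taken from this thread);
# the addresses are RFC 5737 documentation ranges and the hostnames are made up.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 198.51.100.23:8080
FF - prefs.js..network.proxy.http: "203.0.113.7"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
O1 - Hosts: 127.0.0.1 activate.example.com
O1 - Hosts: 198.51.100.9 www.example-bank.test
O1 - Hosts: 14 more lines...
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [stale]  File not found
"""

IE_RE = re.compile(r'^IE - (?P<key>HKU\\[^\\]+)\\.*Internet Settings: "(?P<name>Proxy\w+)" = (?P<val>.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<name>[\w.]+): (?P<val>.*)$')
HOSTS_RE = re.compile(r'^O1 - Hosts: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}|::1) (?P<host>\S+)')
RUN_RE = re.compile(r'^O4(?::64bit:)? - (?P<key>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<target>.*)$')

# Meaning of network.proxy.type in Firefox prefs.js
FF_PROXY_TYPES = {"0": "direct, no proxy", "1": "manual", "2": "PAC URL",
                  "4": "auto-detect", "5": "system settings"}


def triage(otl_text: str) -> List[Dict[str, str]]:
    """Return findings for proxy settings, hosts redirects and orphaned autostarts."""
    ie: Dict[str, Dict[str, str]] = {}   # IE proxy values per HKU hive
    ff: Dict[str, str] = {}              # Firefox network.proxy.* prefs
    findings: List[Dict[str, str]] = []

    for line in otl_text.splitlines():
        m = IE_RE.match(line)
        if m:
            ie.setdefault(m["key"], {})[m["name"]] = m["val"].strip()
            continue
        m = FF_RE.match(line)
        if m:
            ff[m["name"]] = m["val"].strip().strip('"')
            continue
        m = HOSTS_RE.match(line)
        if m:
            # A loopback entry only blocks a host; a foreign address silently redirects it.
            loopback = m["ip"] in ("127.0.0.1", "0.0.0.0", "::1")
            findings.append({
                "severity": "info" if loopback else "high",
                "item": f"hosts {m['host']}",
                "detail": "blocked via loopback" if loopback
                          else f"redirected to {m['ip']}, check for pharming",
            })
            continue
        m = RUN_RE.match(line)
        if m and m["target"].strip() == "File not found":
            findings.append({"severity": "info", "item": f"Run [{m['name']}]",
                             "detail": "autostart entry whose target no longer exists"})

    # IE keeps the proxy address apart from the on/off switch: a ProxyServer value
    # with ProxyEnable = 0 is a stale or disabled proxy, not an active one.
    for key, vals in ie.items():
        server = vals.get("ProxyServer")
        if not server:
            continue
        enabled = vals.get("ProxyEnable") == "1"
        findings.append({
            "severity": "high" if enabled else "medium",
            "item": f"IE proxy {key}",
            "detail": f"ProxyServer = {server} ({'active' if enabled else 'configured but ProxyEnable = 0'})",
        })

    # Firefox only honours manual proxy hosts when network.proxy.type is 1.
    hosts = {k: v for k, v in ff.items() if k in ("http", "ssl", "ftp", "socks") and v}
    if hosts:
        ptype = ff.get("type", "0")
        findings.append({
            "severity": "high" if ptype == "1" else "medium",
            "item": "Firefox proxy",
            "detail": ", ".join(f"{k}={v}" for k, v in sorted(hosts.items()))
                      + f"; network.proxy.type = {ptype} ({FF_PROXY_TYPES.get(ptype, 'unknown')})",
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f['severity']:>6}] {f['item']}: {f['detail']}")
```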

24.08.2012, 10:44   #3
xtallix
 



First of all, thanks for the quick reply.

Here is the txt file from OTL

Code:
OTL logfile created on: 24.08.2012 11:19:33 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Nadine Sandmann\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,18% Memory free
8,00 Gb Paging File | 6,31 Gb Available in Paging File | 78,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,99 Gb Total Space | 63,84 Gb Free Space | 36,90% Space Free | Partition Type: NTFS
Drive D: | 115,33 Gb Total Space | 102,55 Gb Free Space | 88,92% Space Free | Partition Type: NTFS
 
Computer Name: TALLI | User Name: Nadine Sandmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nadine Sandmann\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (HPSLPSVC) -- C:\Users\NADINE~1\AppData\Local\Temp\7zS78D9\hpslpsvc64.dll (Hewlett-Packard Co.)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CoordinatorServiceHost) -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ghaio) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 8A CF 39 C9 6D CD 01  [binary data]
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes,DefaultScope = {DAFFB72C-1F8A-407F-A58C-6AD4DC86E886}
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes\{DAFFB72C-1F8A-407F-A58C-6AD4DC86E886}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 1641.77.222232.226:8080
 
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.ftp: "159.224.205.252"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "90.183.248.54"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "159.224.205.252"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "159.224.205.252"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nadine Sandmann\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nadine Sandmann\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll (Vitzo)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.02.07 16:33:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.25 20:03:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files (x86)\VDownloader\Addons\FireFox [2012.03.18 22:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.12 09:42:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.23 12:43:30 | 000,000,000 | ---D | M]
 
[2012.01.14 15:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine Sandmann\AppData\Roaming\mozilla\Extensions
[2012.04.21 16:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine Sandmann\AppData\Roaming\mozilla\Firefox\Profiles\y5yxrob3.default\extensions
[2012.04.26 20:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.26 20:37:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.23 12:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.02.23 12:20:00 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2012.02.25 20:03:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.03.18 22:51:34 | 000,000,000 | ---D | M] (VDownloader) -- C:\PROGRAM FILES (X86)\VDOWNLOADER\ADDONS\FIREFOX
[2012.04.21 16:52:19 | 000,181,438 | ---- | M] () (No name found) -- C:\USERS\NADINE SANDMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y5YXROB3.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.04.21 16:52:24 | 000,565,918 | ---- | M] () (No name found) -- C:\USERS\NADINE SANDMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y5YXROB3.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.01.29 18:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: VDownloader (Enabled) = C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll
CHR - Extension: YouTube = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: F.B. Purity - Cleans Up Facebook = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\6.7.1_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.02.07 17:55:38 | 000,002,056 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com 
O1 - Hosts: 127.0.0.1 adobeereg.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 practivate.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.adobe.com 
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com 
O1 - Hosts: 127.0.0.1 wip3.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com 
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com 
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com 
O1 - Hosts: 127.0.0.1 3dns.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com 
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.de 
O1 - Hosts: 127.0.0.1 practivate.adobe.de 
O1 - Hosts: 14 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IEExtension.VDownloaderBHO) - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [20090604] C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.exe (DataLode, Inc.)
O4 - HKU\S-1-5-18..\Run: [20090604] C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.exe (DataLode, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0065A896-9E16-4D3E-9C5F-83A8AB1EED6F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bbcc9377-35fa-11e1-be01-0023541e39aa}\Shell - "" = AutoRun
O33 - MountPoints2\{bbcc9377-35fa-11e1-be01-0023541e39aa}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpFolder: C:^Users^Nadine Sandmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\NADINE~1\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^Nadine Sandmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Nadine Sandmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VDownloader.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BambooCore - hkey= - key= - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Nadine Sandmann\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - serwvdrv.dll (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.24 01:50:22 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{20465E1D-9D2C-4FBB-A9EA-B7D72F8CCFDD}
[2012.08.23 12:52:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\elsterformular
[2012.08.23 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.08.23 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.08.23 12:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.08.23 12:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.23 12:00:56 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{4709E8AD-DA51-48D6-887F-96FD1E2CD9F5}
[2012.08.21 19:19:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\Desktop\bilderbilder3
[2012.08.21 19:12:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{7D65C231-641B-4A7F-A4F7-789955607C69}
[2012.08.15 18:03:41 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{64B264D5-2A4B-4C2C-BD91-B9826CBBDC8F}
[2012.08.15 18:03:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{2CCDF18A-FF00-496F-9623-274D18D47758}
[2012.08.13 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{6AFBC841-55C9-41C0-A858-4A5496D35A31}
[2012.08.13 12:36:12 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{4C973F18-2DBF-469A-BC03-439029CDC34C}
[2012.08.12 21:26:38 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\Malwarebytes
[2012.08.12 21:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.12 21:26:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.12 21:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.12 21:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.12 21:19:10 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{1DE70EE0-213C-471B-93A0-9BE382EF74C9}
[2012.08.12 21:17:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{5A1BF89D-659C-4A0A-A1BB-74EC276561A2}
[2012.08.12 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\cffiksbhrtiuiyi
[2012.08.12 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{3967F28F-8562-40FB-BFC1-CED8CFE67686}
[2012.08.12 11:34:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{3EF9A665-F7D9-4D30-AB33-F58EA5ECDB42}
[2012.08.11 13:30:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{B21A0791-5CC4-4E7E-97A0-CE6F6DE4340C}
[2012.08.11 13:30:12 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{0B30F173-FECE-4788-B248-C9874BB15DEC}
[2012.08.10 21:09:52 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{9E155E73-20C7-49AC-8617-070D80F339C4}
[2012.08.10 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{96FD8FE9-37F4-41F4-9248-A40E260D960F}
[2012.08.10 03:03:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.10 00:50:08 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{59058983-2BDB-4DA5-B4EC-51911E895460}
[2012.08.10 00:49:45 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{C42B3274-C0FF-4033-981C-E179BE788D4C}
[2012.08.09 10:34:58 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{537FCCB3-3CB8-4055-BBC7-615DB39B514C}
[2012.08.09 10:34:21 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{CD5C494C-045B-4580-AE37-62940D39BBCA}
[2012.08.08 18:32:57 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{222136E3-0CC3-480A-A791-D3B55AC7AAD1}
[2012.08.08 18:32:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{986CFE0A-9183-4C5C-BA61-D244747E8F99}
[2012.08.07 23:24:02 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{68BB1416-822B-43CD-8D25-60193C91693E}
[2012.08.07 23:23:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{D0A094BD-7D62-49EF-9133-1364A243B229}
[2012.08.07 11:23:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{911A26BE-F719-4394-88BB-F68D279B7D2F}
[2012.08.07 11:22:30 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{C441A02A-E77E-4C39-9DB4-34847527358B}
[2012.08.06 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{6226B438-ABA4-4369-9EDF-0C987E2871E8}
[2012.08.06 19:35:57 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{D3A9DE1F-1BA9-4EED-A017-F205AE638C58}
[2012.08.05 10:58:42 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{593F33A4-C0D2-440F-9E3F-4D05BBB0599A}
[2012.08.05 10:58:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{775DF305-6ECF-4726-9438-A24B3DDA33ED}
[2012.08.04 13:39:52 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{E6846AE6-E769-4798-9906-361FD4CDEB2F}
[2012.08.04 13:39:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{2E8B7FAF-819F-4F02-9B5A-04C07B1A6F58}
[2012.08.03 11:01:46 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{32C132B8-B708-49FE-9FC8-86ED336B9978}
[2012.08.03 11:01:13 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{8B6B6424-3454-4FE8-A87E-6AA1E86052BA}
[2012.08.02 11:06:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{98AA74E5-0C8F-4134-A20D-DF0B6494DB90}
[2012.08.02 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{439F1AB6-F114-473A-84E9-0D3713A06AB2}
[2012.08.02 10:28:06 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{45A4583C-4D3E-43DC-A5AB-ACF9550EBD56}
[2012.08.02 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{ADD454D6-66A9-4CBC-A132-8865002B98AB}
[2012.08.01 21:52:16 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{8B8CF7FD-FE6D-4160-9E1B-1577E972B118}
[2012.08.01 21:51:14 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{985C15D8-55D6-46B2-90F6-67EE4671491E}
[2012.08.01 13:54:15 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{5473D273-9825-44AB-B1E4-5FCC93D6C35F}
[2012.08.01 13:54:15 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{38845276-47AB-4CC0-8390-58C986DBD926}
[2012.07.30 21:51:06 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle FaceCreator
[2012.07.30 21:51:05 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle Puzzle and Board Games
[2012.07.30 19:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Encore
[2012.07.30 19:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Encore
[2012.07.30 19:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (June 2010)
[2012.07.30 19:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)
[2012.07.30 18:56:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.07.30 18:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2012.07.30 18:53:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\Desktop\hoyle
[2012.07.30 18:53:16 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.07.30 18:53:11 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\DAEMON Tools Pro
[2012.07.30 18:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2012.07.30 18:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2008.08.11 22:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.24 11:22:01 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 11:22:01 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.24 11:14:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.24 11:13:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.24 11:13:49 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.24 01:50:32 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.23 16:47:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001UA.job
[2012.08.23 12:51:33 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.08.23 12:47:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001Core.job
[2012.08.21 21:26:29 | 011,812,908 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0361.psd
[2012.08.21 19:15:34 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.21 19:15:34 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.21 19:15:34 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.21 19:15:34 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.21 19:15:34 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.12 20:26:15 | 000,000,051 | ---- | M] () -- C:\ProgramData\bljdfpdunexvptq
[2012.08.09 11:41:48 | 000,056,214 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\167753_1779780370673_3916051_n.jpg
[2012.07.31 02:56:36 | 005,020,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.30 18:53:16 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.07.27 18:56:32 | 000,945,590 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0372.JPG
[2012.07.27 18:56:29 | 000,923,411 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0371.JPG
[2012.07.27 18:56:12 | 000,909,264 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0370.JPG
[2012.07.26 10:49:00 | 003,390,641 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\AsafAvidanOneDayReckoningSongWankelmutRemix_8873.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.23 12:51:33 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.08.21 21:26:27 | 011,812,908 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0361.psd
[2012.08.21 20:18:12 | 000,785,113 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0361.JPG
[2012.08.12 20:26:13 | 000,000,051 | ---- | C] () -- C:\ProgramData\bljdfpdunexvptq
[2012.08.09 11:41:55 | 000,056,214 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\167753_1779780370673_3916051_n.jpg
[2012.08.06 12:17:50 | 000,650,649 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0347.JPG
[2012.08.06 12:17:06 | 000,646,915 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0356.JPG
[2012.08.06 12:16:57 | 000,945,590 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0372.JPG
[2012.08.06 12:16:54 | 000,923,411 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0371.JPG
[2012.08.06 12:16:52 | 000,909,264 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0370.JPG
[2012.07.26 10:49:06 | 003,390,641 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\AsafAvidanOneDayReckoningSongWankelmutRemix_8873.mp3
[2012.04.12 14:27:37 | 000,000,051 | ---- | C] () -- C:\Users\Nadine Sandmann\start_with_demo.bat
[2012.04.12 14:23:46 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.09 16:50:42 | 000,056,799 | -HS- | C] () -- C:\Users\Nadine Sandmann\Folder.jpg
[2012.04.09 16:50:41 | 000,009,287 | -HS- | C] () -- C:\Users\Nadine Sandmann\AlbumArtSmall.jpg
[2012.03.18 22:51:34 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.27 17:42:07 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2009.04.08 11:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2012.01.24 22:47:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Blender Foundation
[2012.06.29 10:25:09 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.30 22:07:59 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.30 19:00:40 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DAEMON Tools Pro
[2012.02.01 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DassaultSystemes
[2012.03.27 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DiskAid
[2012.07.31 13:13:09 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox
[2012.08.23 12:52:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\elsterformular
[2012.08.04 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle FaceCreator
[2012.08.12 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle Puzzle and Board Games
[2012.05.04 16:28:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\log
[2012.07.09 10:18:32 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Luxology
[2012.06.20 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Materialise
[2011.12.31 13:40:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\PACE Anti-Piracy
[2012.05.07 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\PDF Software
[2012.05.07 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\pdfforge
[2012.01.13 00:30:17 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\TrueCrypt
[2012.03.18 22:56:11 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\VDownloader
[2012.01.22 18:29:10 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Wacom
[2012.01.22 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2012.06.28 19:21:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.26 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Adobe
[2012.04.02 10:38:38 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Apple Computer
[2011.12.28 11:17:30 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Avira
[2012.01.24 22:47:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Blender Foundation
[2012.06.29 10:25:09 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.30 22:07:59 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.07.30 19:00:40 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DAEMON Tools Pro
[2012.02.01 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DassaultSystemes
[2012.03.27 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DiskAid
[2012.05.02 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DivX
[2012.07.31 13:13:09 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox
[2012.08.23 12:52:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\elsterformular
[2012.08.04 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle FaceCreator
[2012.08.12 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle Puzzle and Board Games
[2011.12.27 16:15:53 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Identities
[2011.12.27 16:27:30 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\InstallShield
[2012.05.04 16:28:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\log
[2012.07.09 10:18:32 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Luxology
[2011.12.27 16:44:25 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Macromedia
[2012.08.12 21:26:38 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Malwarebytes
[2012.06.20 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Materialise
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Media Center Programs
[2012.02.27 23:19:08 | 000,000,000 | --SD | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Microsoft
[2012.01.14 15:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Mozilla
[2012.01.24 22:07:32 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\NVIDIA
[2011.12.31 13:40:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\PACE Anti-Piracy
[2012.05.07 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\PDF Software
[2012.05.07 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\pdfforge
[2012.08.12 22:50:57 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Real
[2012.08.12 21:06:44 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Skype
[2012.07.09 08:05:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\SolidWorks
[2012.01.13 00:30:17 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\TrueCrypt
[2012.03.18 22:56:11 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\VDownloader
[2012.01.22 18:29:10 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Wacom
[2012.01.22 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2011.12.27 16:20:11 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\WinRAR
[2012.01.22 18:23:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\WTablet
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.02.07 16:28:27 | 000,010,134 | R--- | M] () -- C:\Users\Nadine Sandmann\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2012.07.15 15:12:51 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe
[2012.08.05 14:58:47 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe
[2012.08.05 14:58:16 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.11.11 07:40:13 | 010,991,104 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >
[2012.01.18 00:02:56 | 000,000,174 | -HS- | M] () -- C:\Users\Nadine Sandmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
 
< %APPDATA%\*AcroIEH*.* >
 
< %APPDATA%\*.exe >
 
< %APPDATA%\*.tmp >

< End of report >
         

Kind regards,
Talisha
__________________

Old 24.08.2012, 15:18   #4
t'john
/// Helper Team
 



Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes,DefaultScope = {DAFFB72C-1F8A-407F-A58C-6AD4DC86E886} 
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes\{DAFFB72C-1F8A-407F-A58C-6AD4DC86E886}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local; 
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 1641.77.222232.226:8080 
FF - prefs.js..network.proxy.ftp: "159.224.205.252" 
FF - prefs.js..network.proxy.ftp_port: 8080 
FF - prefs.js..network.proxy.http: "90.183.248.54" 
FF - prefs.js..network.proxy.http_port: 8080 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.socks: "159.224.205.252" 
FF - prefs.js..network.proxy.socks_port: 8080 
FF - prefs.js..network.proxy.ssl: "159.224.205.252" 
FF - prefs.js..network.proxy.ssl_port: 8080 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O3 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [] File not found 
O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001..\Run: [AdobeBridge] File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found 
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found 
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found 
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found 
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found 
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found 
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{bbcc9377-35fa-11e1-be01-0023541e39aa}\Shell - "" = AutoRun 
O33 - MountPoints2\{bbcc9377-35fa-11e1-be01-0023541e39aa}\Shell\AutoRun\command - "" = F:\pushinst.exe 
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - File not found 
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - File not found 
MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found 
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () 
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - File not found 
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - File not found 
MsConfig:64bit - State: "startup" - Reg Error: Key error. 
MsConfig:64bit - State: "services" - Reg Error: Key error. 
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume 
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume 
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume 
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume 
 
[2012.08.23 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular 
[2012.08.12 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\cffiksbhrtiuiyi 

[2012.08.12 20:26:15 | 000,000,051 | ---- | M] () -- C:\ProgramData\bljdfpdunexvptq 

[2012.07.15 15:12:51 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe 
[2012.08.05 14:58:47 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe 
[2012.08.05 14:58:16 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe 


[2012.08.24 11:14:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.24 01:50:22 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{20465E1D-9D2C-4FBB-A9EA-B7D72F8CCFDD} 
[2012.08.24 01:50:32 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.23 16:47:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001UA.job 
[2012.08.23 12:47:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001Core.job 

:Files

C:\Users\Nadine Sandmann\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Nadine Sandmann\AppData\Local\Temp\*.exe
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here in code tags.
    You can also view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was written exclusively for this user in this situation.
Never run it on other computers; it can do lasting damage to other systems!
__________________
Regards, t'john
Support the TB
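To show, from the defender's side, what the fix script above is undoing and how the same indicators can be spotted in another OTL log, here is an added Python example (not OTL's code, and not from this thread or its helper). It parses the IE proxy, Firefox prefs.js proxy and file lines in the format of this thread's log and flags proxy settings pointing at outside hosts, non-local proxy bypass entries and unsigned random-named files under ProgramData/AppData; the sample lines, SID and user name are constructed, while the addresses and file names mirror the log above.

```python
"""OTL log triage: an added example, not OTL's code and not from this thread.
Reads the IE proxy, Firefox prefs.js proxy and file lines of an OTL scan (the
format of the log in this thread) and flags what the fix script above removes."""
import re
from ipaddress import ip_address
from typing import Dict, List, Tuple

# Constructed sample: SID and user name are placeholders; the addresses and
# file names mirror the thread's log.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 1641.77.222232.226:8080
FF - prefs.js..network.proxy.http: "90.183.248.54"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
[2012.08.12 20:26:15 | 000,000,051 | ---- | M] () -- C:\ProgramData\bljdfpdunexvptq
[2012.08.23 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.07.15 15:12:51 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\user\AppData\Roaming\Real\rnupgagent.exe
"""

IE_RE = re.compile(r'^IE(?::64bit:)? - .+?: "(?P<name>[^"]+)" = ?(?P<value>.*)$')
FF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<pref>network\.proxy\.[\w.]+): (?P<value>.+)$")
FILE_RE = re.compile(r"^\[[^|]+\|[^|]+\| (?P<attrs>[^|]+?) \| [MC]\] "
                     r"(?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+)$")
LOCAL_BYPASS = {"localhost", "127.0.0.1", "::1", "<local>"}


def classify_host(host: str) -> str:
    """loopback / private / public / hostname / malformed for a proxy host."""
    if host.lower() in ("", "localhost"):
        return "loopback"
    try:
        ip = ip_address(host)
    except ValueError:  # e.g. 1641.77.222232.226 from the log: digits, but no IP
        return "malformed" if re.fullmatch(r"[\d.]+", host) else "hostname"
    return "loopback" if ip.is_loopback else "private" if ip.is_private else "public"


def looks_random(name: str) -> bool:
    """Names like cffiksbhrtiuiyi: long lowercase, no extension, a 4+ consonant run."""
    if not re.fullmatch(r"[a-z]{10,}", name):
        return False
    return max(len(run) for run in re.findall(r"[^aeiou]+", name)) >= 4


def triage(otl_text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for an OTL log excerpt."""
    ie: Dict[str, str] = {}
    ff: Dict[str, str] = {}
    files: List[Tuple[str, str]] = []
    for line in (ln.strip() for ln in otl_text.splitlines() if ln.strip()):
        if m := IE_RE.match(line):
            ie[m["name"]] = m["value"].strip()
        elif m := FF_RE.match(line):
            ff[m["pref"]] = m["value"].strip().strip('"')
        elif m := FILE_RE.match(line):
            path, is_dir = m["path"], "D" in m["attrs"]
            unsigned = m["publisher"] == ""  # an explicit empty "()" publisher field
            in_area = "\\ProgramData\\" in path or "\\AppData\\" in path
            if in_area and (is_dir or unsigned) and looks_random(path.rsplit("\\", 1)[-1]):
                files.append(("medium", f"random-looking {'folder' if is_dir else 'unsigned file'}: {path}"))

    findings: List[Tuple[str, str]] = []
    # IE: any ProxyServer in a home profile is worth a look; high only if ProxyEnable is on.
    server = ie.get("ProxyServer", "")
    if server:
        enabled = ie.get("ProxyEnable", "?")
        findings.append(("high" if enabled == "1" else "medium",
                         f"IE ProxyServer {server} ({classify_host(server.rsplit(':', 1)[0])} host), "
                         f"ProxyEnable={enabled}"))
    # Firefox: network.proxy.type 1 = manual proxy in use, 0 = direct connection.
    ptype = ff.get("network.proxy.type", "?")
    for proto in ("http", "ssl", "socks", "ftp"):
        host = ff.get(f"network.proxy.{proto}")
        if host and classify_host(host) in ("public", "malformed"):
            port = ff.get(f"network.proxy.{proto}_port", "?")
            state = "active (type 1)" if ptype == "1" else f"inactive (type {ptype})"
            findings.append(("high" if ptype == "1" else "medium",
                             f"Firefox {proto} proxy {host}:{port} {state}"))
    odd = [e.strip() for e in ff.get("network.proxy.no_proxies_on", "").split(",")
           if e.strip() and e.strip() not in LOCAL_BYPASS]
    if odd:
        findings.append(("review", "non-local proxy bypass entries: " + ", ".join(odd)))
    return findings + files


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_OTL):
        print(f"[{severity}] {message}")
```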

Old 24.08.2012, 15:49   #5
xtallix
 



Thanks for the reply.
I've now done the above, but OTL froze. After just 3 seconds "(Keine Rückmeldung)" appeared at the top of the window.

Should I let the program keep running now, or restart it again?

Edit:
I had to restart the laptop because everything had frozen. Even after another attempt to fix with OTL, the program freezes again after 3 seconds.


Last edited by xtallix (24.08.2012 at 16:24)

Old 24.08.2012, 16:32   #6
t'john
/// Helper Team
 



Try this fix:

Code:
:OTL

IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local; 
IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 1641.77.222232.226:8080 
FF - prefs.js..network.proxy.ftp: "159.224.205.252" 
FF - prefs.js..network.proxy.ftp_port: 8080 
FF - prefs.js..network.proxy.http: "90.183.248.54" 
FF - prefs.js..network.proxy.http_port: 8080 
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" 
FF - prefs.js..network.proxy.share_proxy_settings: true 
FF - prefs.js..network.proxy.socks: "159.224.205.252" 
FF - prefs.js..network.proxy.socks_port: 8080 
FF - prefs.js..network.proxy.ssl: "159.224.205.252" 
FF - prefs.js..network.proxy.ssl_port: 8080 
FF - prefs.js..network.proxy.type: 0 
FF - user.js - File not found 
 
O4:64bit: - HKLM..\Run: [] File not found 
O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001..\Run: [AdobeBridge] File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
 
[2012.08.23 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular 
[2012.08.12 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\cffiksbhrtiuiyi 

[2012.08.12 20:26:15 | 000,000,051 | ---- | M] () -- C:\ProgramData\bljdfpdunexvptq 

[2012.07.15 15:12:51 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe 
[2012.08.05 14:58:47 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe 
[2012.08.05 14:58:16 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe 


[2012.08.24 11:14:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.08.24 01:50:22 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{20465E1D-9D2C-4FBB-A9EA-B7D72F8CCFDD} 
[2012.08.24 01:50:32 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.08.23 16:47:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001UA.job 
[2012.08.23 12:47:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001Core.job 

:Files

C:\Users\Nadine Sandmann\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Nadine Sandmann\AppData\Local\Temp\*.exe
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
__________________

Old 24.08.2012, 16:54   #7
xtallix
 



Now it worked

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "159.224.205.252" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "90.183.248.54" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "159.224.205.252" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "159.224.205.252" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-21-2982578659-3277241682-3497648708-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
C:\ProgramData\elsterformular\setup folder moved successfully.
C:\ProgramData\elsterformular\pica folder moved successfully.
C:\ProgramData\elsterformular folder moved successfully.
C:\ProgramData\cffiksbhrtiuiyi folder moved successfully.
C:\ProgramData\bljdfpdunexvptq moved successfully.
C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe moved successfully.
C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe moved successfully.
C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{20465E1D-9D2C-4FBB-A9EA-B7D72F8CCFDD} folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001Core.job moved successfully.
========== FILES ==========
C:\Users\Nadine Sandmann\AppData\Local\{09A83211-FD82-4C0A-A2FC-F8AF55517DD2} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{0A3E608B-AF56-457C-A7CA-0C2B79F6D628} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{0B30F173-FECE-4788-B248-C9874BB15DEC} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{1DE70EE0-213C-471B-93A0-9BE382EF74C9} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{222136E3-0CC3-480A-A791-D3B55AC7AAD1} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{2CCDF18A-FF00-496F-9623-274D18D47758} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{2E8B7FAF-819F-4F02-9B5A-04C07B1A6F58} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{32C132B8-B708-49FE-9FC8-86ED336B9978} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{38845276-47AB-4CC0-8390-58C986DBD926} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{3967F28F-8562-40FB-BFC1-CED8CFE67686} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{3BFBF52B-9A17-44B3-B953-C94CB1C087EA} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{3EF9A665-F7D9-4D30-AB33-F58EA5ECDB42} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{439F1AB6-F114-473A-84E9-0D3713A06AB2} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{45A4583C-4D3E-43DC-A5AB-ACF9550EBD56} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{4709E8AD-DA51-48D6-887F-96FD1E2CD9F5} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{4C973F18-2DBF-469A-BC03-439029CDC34C} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{4CE3A239-80BE-41EC-B475-873D4AAB4439} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{537FCCB3-3CB8-4055-BBC7-615DB39B514C} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{5473D273-9825-44AB-B1E4-5FCC93D6C35F} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{59058983-2BDB-4DA5-B4EC-51911E895460} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{593F33A4-C0D2-440F-9E3F-4D05BBB0599A} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{5A1BF89D-659C-4A0A-A1BB-74EC276561A2} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{6226B438-ABA4-4369-9EDF-0C987E2871E8} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{64B264D5-2A4B-4C2C-BD91-B9826CBBDC8F} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{68BB1416-822B-43CD-8D25-60193C91693E} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{6AFBC841-55C9-41C0-A858-4A5496D35A31} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{775DF305-6ECF-4726-9438-A24B3DDA33ED} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{7D65C231-641B-4A7F-A4F7-789955607C69} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{887E5317-9E23-4C05-9AB8-41D260AD9066} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{8B6B6424-3454-4FE8-A87E-6AA1E86052BA} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{8B8CF7FD-FE6D-4160-9E1B-1577E972B118} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{911A26BE-F719-4394-88BB-F68D279B7D2F} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{96FD8FE9-37F4-41F4-9248-A40E260D960F} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{985C15D8-55D6-46B2-90F6-67EE4671491E} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{986CFE0A-9183-4C5C-BA61-D244747E8F99} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{98AA74E5-0C8F-4134-A20D-DF0B6494DB90} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{9E155E73-20C7-49AC-8617-070D80F339C4} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{ADD454D6-66A9-4CBC-A132-8865002B98AB} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{B21A0791-5CC4-4E7E-97A0-CE6F6DE4340C} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{B30B19E2-88D3-4ED3-8E75-A168D85C9A00} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{C1EF6056-440A-4624-80F2-EE78695DCAF5} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{C42B3274-C0FF-4033-981C-E179BE788D4C} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{C441A02A-E77E-4C39-9DB4-34847527358B} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{CD5C494C-045B-4580-AE37-62940D39BBCA} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{D0A094BD-7D62-49EF-9133-1364A243B229} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{D3A9DE1F-1BA9-4EED-A017-F205AE638C58} folder moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\{E6846AE6-E769-4798-9906-361FD4CDEB2F} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\Nadine Sandmann\AppData\Local\Temp\KOCG_Solitaire.exe moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Nadine Sandmann\Downloads\cmd.bat deleted successfully.
C:\Users\Nadine Sandmann\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nadine Sandmann
->Temp folder emptied: 65940189 bytes
->Temporary Internet Files folder emptied: 8675276 bytes
->FireFox cache emptied: 46498481 bytes
->Google Chrome cache emptied: 64062626 bytes
->Flash cache emptied: 975 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169069 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36081758 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 211,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08242012_174801

Files\Folders moved on Reboot...
C:\Users\Nadine Sandmann\AppData\Local\Temp\7zS78D9\HPSLPSVC64.DLL moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\Temp\~DF068EC892E30DDEBE.TMP moved successfully.
C:\Users\Nadine Sandmann\AppData\Local\Temp\~DF5D1B8E1B494560E5.TMP moved successfully.

PendingFileRenameOperations files...
File C:\Users\Nadine Sandmann\AppData\Local\Temp\7zS78D9\HPSLPSVC64.DLL not found!
File C:\Users\Nadine Sandmann\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Nadine Sandmann\AppData\Local\Temp\~DF068EC892E30DDEBE.TMP not found!
File C:\Users\Nadine Sandmann\AppData\Local\Temp\~DF5D1B8E1B494560E5.TMP not found!

Registry entries deleted on Reboot...
         

Old 24.08.2012, 18:07   #8
t'john
/// Helper Team

Very good!

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program into the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have findings deleted or put into quarantine.
- When the scan is finished, click "Show results".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the search has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
Regards, t'john
Support the TB

Old 24.08.2012, 20:01   #9
xtallix

Ok, Malwarebytes found nothing:

Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Nadine Sandmann :: TALLI [Administrator]

Schutz: Aktiviert

24.08.2012 19:18:44
mbam-log-2012-08-24 (19-18-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449462
Laufzeit: 1 Stunde(n), 34 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And here is the log from AdwCleaner:

Code:
# AdwCleaner v1.801 - Logfile created 08/24/2012 at 20:58:15
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Nadine Sandmann - TALLI
# Boot Mode : Normal
# Running from : C:\Users\Nadine Sandmann\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Nadine Sandmann\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Nadine Sandmann\AppData\Roaming\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0 (de)

Profile name : default 
File : C:\Users\Nadine Sandmann\AppData\Roaming\Mozilla\Firefox\Profiles\y5yxrob3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1127 octets] - [24/08/2012 20:58:15]

########## EOF - C:\AdwCleaner[R1].txt - [1255 octets] ##########
         

Best regards

Old 24.08.2012, 20:57   #10
t'john
/// Helper Team

Very good!


  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.


then:


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via Update now.
Select the Freeware mode.

Select Detail Scan and start the check of the computer via the Scan button.
At the end of the scan, do not let it delete anything! Save the log file to the desktop via Save report and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

Old 24.08.2012, 22:51   #11
xtallix

Here is the log from adwCleaner:

Code:
# AdwCleaner v1.801 - Logfile created 08/24/2012 at 22:08:49
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Nadine Sandmann - TALLI
# Boot Mode : Normal
# Running from : C:\Users\Nadine Sandmann\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Nadine Sandmann\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Nadine Sandmann\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0 (de)

Profile name : default 
File : C:\Users\Nadine Sandmann\AppData\Roaming\Mozilla\Firefox\Profiles\y5yxrob3.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1254 octets] - [24/08/2012 20:58:15]
AdwCleaner[S1].txt - [1149 octets] - [24/08/2012 22:08:49]

########## EOF - C:\AdwCleaner[S1].txt - [1277 octets] ##########
         
and here is the report from Emsisoft Anti-Malware:

Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 24.08.2012 22:18:59

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	24.08.2012 22:19:17

C:\Program Files\WinRAR\Zip.SFX 	gefunden: Trojan-Spy.Win32.Delf!E1
C:\Program Files\vvvv_45beta27.1\lib\thirdparty\WinLockDll.dll 	gefunden: Riskware.RiskTool.Win32.Disabler.AMN!E1

Gescannt	727049
Gefunden	2

Scan Ende:	24.08.2012 23:46:38
Scan Zeit:	1:27:21
         

Best regards

Old 24.08.2012, 22:53   #12
t'john
/// Helper Team

Very good!

Have the findings deleted, then:

Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable the anti-virus program and firewall during the online scan.
  • Vista/Win7 users: be sure to start the browser as administrator.
Let's go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
__________________
Regards, t'john
Support the TB

Old 25.08.2012, 04:05   #13
xtallix

Here is the log file from ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d3591d509724624396e51490dabb0ff9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-25 12:40:10
# local_time=2012-08-25 02:40:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 20843459 20843459 0 0
# compatibility_mode=5893 16776573 100 94 1044681 97475694 0 0
# compatibility_mode=8192 67108863 100 0 116 116 0 0
# scanned=248990
# found=1
# cleaned=1
# scan_time=9366
C:\_OTL\MovedFiles\08242012_174801\C_ProgramData\cffiksbhrtiuiyi\main.html	HTML/Ransom.B trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

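The ESET log above is worth reading as data rather than as a wall of text: the only hit sits under C:\_OTL\MovedFiles\08242012_174801\, which is the quarantine folder the OTL run earlier in this thread created (the same 08242012_174801 timestamp appears in the OTL log header), so ESET cleaned a file that had already been moved out of C:\ProgramData, not a live ransomware page. As an added example that is not part of the thread and not ESET's own code, the following PowerShell function turns a log of this layout into an object for triage. It assumes PowerShell 3.0 or newer and the format shown above: "# key=value" header lines and tab-separated detection lines (path, threat text, hash, flag). The sample lines at the bottom are constructed to mirror the posted log.

```powershell
# Added example (not from the thread, not from ESET): parse an ESET Online
# Scanner log.txt into a summary object plus one object per detection.
function ConvertFrom-EsetLog {
    param([Parameter(Mandatory = $true)][string[]]$Lines)

    $meta       = @{}
    $detections = @()

    foreach ($line in $Lines) {
        if ($line -match '^#\s*([^=]+)=(.*)$') {
            $key = $Matches[1].Trim()
            $val = $Matches[2].Trim()
            # compatibility_mode appears several times; keep every value.
            if ($meta.ContainsKey($key)) { $meta[$key] = @($meta[$key]) + $val }
            else                         { $meta[$key] = $val }
        }
        elseif ($line -match "`t") {
            # Detection line: path <TAB> threat (action) <TAB> hash <TAB> flag
            $f      = $line -split "`t"
            $action = 'none'
            if ($f[1] -match '\((.*)\)') { $action = $Matches[1] }
            $detections += [pscustomobject]@{
                Path            = $f[0]
                Threat          = $f[1]
                Action          = $action
                # A hit below C:\_OTL\MovedFiles is a file OTL already moved out of
                # its original location, not something still active on the system.
                InOtlQuarantine = ($f[0] -like 'C:\_OTL\MovedFiles\*')
            }
        }
    }

    [pscustomobject]@{
        Scanned       = [int]$meta['scanned']
        Found         = [int]$meta['found']
        Cleaned       = [int]$meta['cleaned']
        Finished      = ($meta['end'] -eq 'finished')
        RemoveChecked = ($meta['remove_checked'] -eq 'true')
        Detections    = $detections
    }
}

# Constructed sample modelled on the log posted above (the tab is built with `t).
$sample = @(
    'ESETSmartInstaller@High as downloader log:'
    'all ok'
    '# version=7'
    '# end=finished'
    '# remove_checked=true'
    '# scanned=248990'
    '# found=1'
    '# cleaned=1'
    ('C:\_OTL\MovedFiles\08242012_174801\C_ProgramData\cffiksbhrtiuiyi\main.html',
     'HTML/Ransom.B trojan (cleaned by deleting - quarantined)',
     '00000000000000000000000000000000', 'C') -join "`t"
)

$result = ConvertFrom-EsetLog -Lines $sample
$result | Select-Object Scanned, Found, Cleaned, Finished, RemoveChecked | Format-List
$result.Detections | Format-Table Path, Threat, Action, InOtlQuarantine -AutoSize
```

To use it on a real log, replace `$sample` with `Get-Content 'C:\Programme\Eset\EsetOnlineScanner\log.txt'`. The InOtlQuarantine column is the check worth looking at first when comparing several pasted logs: a detection that only exists inside a quarantine folder confirms an earlier cleanup step rather than indicating a reinfection.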
Old 25.08.2012, 15:44   #14
t'john
/// Helper Team

Update Java

Your Java is no longer current. Older versions contain security holes that can be abused by malware.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 6).
  • When the installation has finished:
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards post (copy and paste) what you get shown here: PluginCheck
__________________
Regards, t'john
Support the TB
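The two things this post asks for, removing every Java version older than the newest one and emptying the Java deployment cache, are easy to get wrong by hand when several runtimes are installed side by side (32-bit and 64-bit, Java 6 next to Java 7). As an added example that is neither the thread's nor Oracle's code, the PowerShell script below inventories the Java runtimes registered in the Windows uninstall keys, flags every version older than the newest installed one, and reports the size of the per-user deployment cache whose path appears in the OTL log earlier in this thread (AppData\LocalLow\Sun\Java\Deployment\cache). It assumes PowerShell 3.0 or newer and the standard Uninstall registry keys; it only reports, and the uninstall itself stays the manual Control Panel step the post describes.

```powershell
# Added example (not from the thread, not from Oracle): list installed Java
# runtimes, show which ones are outdated, and measure the deployment cache.
function Get-InstalledJava {
    # Both native and WOW6432Node uninstall hives, so 32-bit JREs on x64 show up.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        # Matches "Java 7 Update 6", "Java(TM) 6 Update 33", "Java 8 Update 181 (64-bit)";
        # JDK entries ("Java SE Development Kit ...") are deliberately not included.
        Where-Object { $_.DisplayName -match '^Java(\(TM\))?\s+\d' } |
        ForEach-Object {
            $ver = $null
            if ($_.DisplayVersion) { $ver = [version]$_.DisplayVersion }
            $bits = '64-bit'
            if ($_.PSPath -match 'WOW6432Node') { $bits = '32-bit' }
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $ver
                Bitness   = $bits
                Uninstall = $_.UninstallString
            }
        }
}

function Get-OutdatedJava {
    # Everything older than the newest installed runtime is a removal candidate.
    $all = @(Get-InstalledJava | Where-Object { $_.Version } | Sort-Object Version -Descending)
    if ($all.Count -le 1) { return @() }
    $newest = $all[0].Version
    $all | Where-Object { $_.Version -lt $newest }
}

function Get-JavaCacheSize {
    # Per-user deployment cache; "Delete Files..." in the Java Control Panel empties it.
    $cache = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'
    if (-not (Test-Path $cache)) { return 0 }
    $sum = (Get-ChildItem -Path $cache -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Measure-Object -Property Length -Sum).Sum
    if ($sum) { return [int64]$sum } else { return 0 }
}

Write-Host 'Installed Java runtimes:'
Get-InstalledJava | Format-Table Name, Version, Bitness -AutoSize
Write-Host 'Outdated (remove via Control Panel -> Programs):'
Get-OutdatedJava | Format-Table Name, Version, Bitness -AutoSize
Write-Host ('Deployment cache: {0:N0} bytes' -f (Get-JavaCacheSize))
```

Run it once before the update to see what is installed, and again after the reboot: the outdated list should be empty and the cache size should be 0 after the "Delete Files..." step. A non-empty outdated list after the update is the usual reason PluginCheck still reports an old Java, because the browser plug-in may be registered by the older runtime.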

Old 25.08.2012, 16:48   #15
xtallix

Code:
PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Chrome 21.0.1180.83 ist aktuell
Flash 11,3,31,230 ist veraltet! 
Aktualisieren Sie bitte auf die neueste Version!

Java (1,7,0,6) ist aktuell.
undefined
         
Best regards

Edit:
For Flash, though, when I go to the Adobe site it tells me that I already have one for Chrome.

Hello again,
from tomorrow morning I will be on holiday for 3 weeks and don't yet know whether I'll be able to reply in this thread during that time.
Is there still a lot coming up for me, or is my laptop already on the home stretch?

I'd appreciate a quick reply,

best regards
